I am storing and editing some fields in a database that hold long strings of one or more sentences. Whenever I type a single quote into the text box and try to save it, an exception is thrown, for example "Incorrect syntax near 'l'. Unclosed quotation mark after the character string ''." Any ideas on how to avoid this?

Edit: the query is:
```csharp
// User text is spliced directly into the SQL statement, so a single quote
// inside tbQuestion.Text or tbAnswer.Text terminates the literal early.
SqlCommand com = new SqlCommand("UPDATE Questions SET Question = '[" +
    tbQuestion.Text + "]', Answer = '[" +
    tbAnswer.Text + "]', LastEdit = '" +
    CurrentUser.Login +
    "'WHERE ID = '" + CurrentQuestion.ID + "'");
```
Joh*_*ers 11
As KM said, don't do that!

Do this instead:
```csharp
using System.Data.SqlClient;

// connectionString is assumed to be defined elsewhere in the class.
private static void UpdateQuestionByID(
    int questionID, string question, string answer, string lastEdited)
{
    using (var conn = new SqlConnection(connectionString))
    {
        conn.Open();
        // Placeholders instead of concatenation: the values are sent
        // separately and are never parsed as part of the SQL text.
        const string QUERY =
            @"UPDATE Questions " +
            @"SET Question = @Question, Answer = @Answer, LastEdit = @LastEdited " +
            @"WHERE ID = @QuestionID";
        using (var cmd = new SqlCommand(QUERY, conn))
        {
            cmd.Parameters.AddWithValue("@Question", question);
            cmd.Parameters.AddWithValue("@Answer", answer);
            cmd.Parameters.AddWithValue("@LastEdited", lastEdited);
            cmd.Parameters.AddWithValue("@QuestionID", questionID);
            cmd.ExecuteNonQuery();
        }
    }
}
```
If you want to include a single quote in a SQL field, escape it by doubling the single quote:

```sql
-- The doubled quotes inside the literal produce the string 'Test'
'''Test'''
```

This works for SQL Server.
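The failure the question describes and the two fixes in the answer, side by side, as an added example that is not part of the original post; it uses an in-memory SQLite table as a stand-in for the SQL Server `Questions` table (an assumption), with a constructed sample question containing a single quote.

```python
import sqlite3

# Constructed sample input: question text containing a single quote, the
# case that breaks the concatenated UPDATE from the question.
SAMPLE_QUESTION = "What's the capital of France?"


def make_db():
    """In-memory SQLite stand-in for the Questions table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Questions (ID INTEGER PRIMARY KEY, "
                 "Question TEXT, Answer TEXT, LastEdit TEXT)")
    conn.execute("INSERT INTO Questions VALUES (1, 'x', 'x', 'nobody')")
    return conn


def update_concatenated(conn, question_id, question):
    """The original approach: user text spliced into the statement.
    Returns the database error message if the SQL is rejected, else None."""
    sql = ("UPDATE Questions SET Question = '[" + question + "]' "
           "WHERE ID = '" + str(question_id) + "'")
    try:
        conn.execute(sql)
        return None
    except sqlite3.OperationalError as e:
        return str(e)


def update_parameterized(conn, question_id, question):
    """The answer's approach: placeholders carry the value, so the text
    is never parsed as SQL. Returns the stored value for inspection."""
    conn.execute("UPDATE Questions SET Question = ? WHERE ID = ?",
                 (question, question_id))
    row = conn.execute("SELECT Question FROM Questions WHERE ID = ?",
                       (question_id,)).fetchone()
    return row[0]


def update_escaped(conn, question_id, question):
    """The answer's last tip: doubling each quote keeps a hand-written
    literal well-formed. Parameters remain the preferred fix."""
    literal = question.replace("'", "''")
    conn.execute("UPDATE Questions SET Question = '" + literal +
                 "' WHERE ID = " + str(question_id))
    row = conn.execute("SELECT Question FROM Questions WHERE ID = ?",
                       (question_id,)).fetchone()
    return row[0]
```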