B.M*_*M.A 1 c# sql sql-server sql-server-2008
我想将数据插入数据库表:
myCommand.CommandText = "INSERT INTO Selectionner (IdPrestation,
IdPhrase, DegreUrgence,RisqueConcerne,rowguid,Cotation) " +
"VALUES ('" +new Guid(emp.IdPrestation) +
"', '" +new Guid(emp.IdPhrase)+ "', '" +
emp.DegreUrgence + "','" + emp.RisqueConcerne + "','" +
new Guid(emp.rowguid) + "','" + emp.Cotation + "')";
但是这会返回一个错误:
Guid应包含32位数字和4个破折号
(xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).
我该如何解决这个错误?
你的一个或多个
emp.IdPrestation //Or
emp.IdPhrase //Or
emp.rowguid //Check them before creating
是/不是GUID.这就是它抛出错误的原因.
编辑:开始
Guid.TryParse()如果解析操作成功,如何使用返回true; 否则,错误.
//How to parse safely
Guid IdPrestation;
Guid IdPhrase;
Guid rowguid;
if(Guid.TryParse(emp.IdPrestation, out IdPrestation) &&
Guid.TryParse(emp.IdPhrase, out IdPhrase) &&
Guid.TryParse(emp.rowguid, out rowguid) )
{
//all variables have been parse successfully
//Execute the sql query as follows using parameters
}
编辑:结束
另外,使用内联sql将参数作为直接字符串传递是一个unsafe bad practice.相反use a parameterised query.
myCommand.CommandText = "INSERT INTO yourTableName (c1, c2, ...)
VALUES (@p1, @p2,...)";
myCommand.Parameters.Add(new SqlParameter("p1", valueforCol1));
myCommand.Parameters.Add(new SqlParameter("p2", valueforCol2));
...