C# DataGrid-SQL插入查询错误c
我正在尝试使用sql查询添加到表访问和datagrid行。不成功地购买。有什么想法吗?谢谢 我的sql查询:C# DataGrid-SQL插入查询错误c,c#,mysql,sql-server,wpf,datagrid,C#,Mysql,Sql Server,Wpf,Datagrid,我正在尝试使用sql查询添加到表访问和datagrid行。不成功地购买。有什么想法吗?谢谢 我的sql查询: DataBaseIkuns.Instance.InsertToDB(string.Format(DictionaryUtilsDB.dictioneary[DictionaryUtilsDB.CommendTypes.AddObserver], o.ID_Observer, o.Lat, o.Long, o.azimuth)); public static Dictionary&l
DataBaseIkuns.Instance.InsertToDB(string.Format(DictionaryUtilsDB.dictioneary[DictionaryUtilsDB.CommendTypes.AddObserver], o.ID_Observer, o.Lat, o.Long, o.azimuth));
public static Dictionary<CommendTypes, string> dictioneary = new Dictionary<CommendTypes, string>
{
{CommendTypes.AddObserver,"Insert into ShowTableObserver(ID_Ob,Lat,Long,Azimuth)"
+"values('{0}','{1}','{2}','{3}')"},
{CommendTypes.AzimuthLongLatFromOB,"SELECT ID_Observer,Longitude,Latitude,Azimuth FROM Observer Where ID_Observer = {0}"}
};
public void InsertToDB(string sql) // It get the right values - 1,2,3,4
{
int insert = 0;
try
{
if (con.State.ToString()== "Open")
{
cmd = new OleDbCommand();
oledbAdapter = new OleDbDataAdapter();
dt = new DataTable();
cmd.Connection = con;
cmd.CommandText = sql;
insert = cmd.ExecuteNonQuery(); // Here it jump's to the catch. why ?
if (insert > 0)
{
MessageBox.Show("Your Insert successed");
}
else
{
MessageBox.Show("Your Insert failed");
}
}
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
如果您使用OleDb提供程序后面的Access数据库,则LONG一词存在问题。它是一个保留关键字,在许多其他数据库系统中可能也是这样。在这种情况下,需要将字段名封装在方括号中
{CommendTypes.AddObserver,"Insert into ShowTableObserver(ID_Ob,Lat,[Long],Azimuth)"
表示需要开始使用参数化查询。Format是另一种字符串连接,当查询字符串中缺少一个引号或其他类型说明符时,它会导致Sql注入、解析问题和微妙的语法错误
比如说
public static Dictionary<CommendTypes, string> dictioneary = new Dictionary<CommendTypes, string>
{
{CommendTypes.AddObserver,"Insert into ShowTableObserver(ID_Ob,Lat,Long,Azimuth)"
+"values(?,?,?,?)"},
{CommendTypes.AzimuthLongLatFromOB,"SELECT ID_Observer,Longitude,Latitude,Azimuth "
+"FROM Observer Where ID_Observer = ?"}
};
public void InsertToDB(string sql, List<OleDbParameter> parameters)
{
int insert = 0;
try
{
if (con.State.ToString()== "Open")
{
using(cmd = new OleDbCommand());
{
cmd.Connection = con;
cmd.CommandText = sql;
cmd.Parameters.AddRange(parameters.ToArray());
insert = cmd.ExecuteNonQuery();
}
........
}
}
......
}
现在,当您调用InsertDB时,您将编写
DataBaseIkuns.Instance.InsertToDBstring.FormatDictionaryUtilsDB.Dictionary[DictionaryUtilsDB.CommittedTypes.AddObserver],o.Lat,o.Long,o.Axitation
List<OleDbParameter> parameters = new List<OleDbParameter>();
parameters.Add(new OleDbParameter())
{
ParameterName = "@p1", OleDbType= OleDbType.VarWChar, Value = o.ID_Observer
}
parameters.Add(new OleDbParameter())
{
ParameterName = "@p2", OleDbType= OleDbType.VarWChar, Value = o.Lat
}
parameters.Add(new OleDbParameter())
{
ParameterName = "@p3", OleDbType= OleDbType.VarWChar, Value = o.Long
}
parameters.Add(new OleDbParameter())
{
ParameterName = "@p4", OleDbType= OleDbType.VarWChar, Value = o.Azimuth
}
DataBaseIkuns.Instance.InsertToDB(
DictionaryUtilsDB.dictioneary[DictionaryUtilsDB.CommendTypes.AddObserver], parameters);
当出现异常时,您能给我们sql的值吗?是的,我编辑了问题,看一看,准确显示catch块中显示的错误消息是最重要的。您是否使用Access数据库存储数据?是的,我使用Access作为我的数据库,因为我应该这样做。错误是查询中的语法错误。
List<OleDbParameter> parameters = new List<OleDbParameter>();
parameters.Add(new OleDbParameter())
{
ParameterName = "@p1", OleDbType= OleDbType.VarWChar, Value = o.ID_Observer
}
parameters.Add(new OleDbParameter())
{
ParameterName = "@p2", OleDbType= OleDbType.VarWChar, Value = o.Lat
}
parameters.Add(new OleDbParameter())
{
ParameterName = "@p3", OleDbType= OleDbType.VarWChar, Value = o.Long
}
parameters.Add(new OleDbParameter())
{
ParameterName = "@p4", OleDbType= OleDbType.VarWChar, Value = o.Azimuth
}
DataBaseIkuns.Instance.InsertToDB(
DictionaryUtilsDB.dictioneary[DictionaryUtilsDB.CommendTypes.AddObserver], parameters);