如何将项目正确插入表中?SQL/C#
由于第二次查询错误,我在将评论插入评论表时遇到问题。如果我使用查询而不是(2457547,4),我的消息框(调试)会一直显示为(se7en,57547,4),甚至是0,因为当我键入电影时,它会转换为电影ID号,以便用作不同表的int。我的目标是读取为(2457547,4),以便插入到我的表中如何将项目正确插入表中?SQL/C#,c#,sql-server,visual-studio-2013,C#,Sql Server,Visual Studio 2013,由于第二次查询错误,我在将评论插入评论表时遇到问题。如果我使用查询而不是(2457547,4),我的消息框(调试)会一直显示为(se7en,57547,4),甚至是0,因为当我键入电影时,它会转换为电影ID号,以便用作不同表的int。我的目标是读取为(2457547,4),以便插入到我的表中 private void InsertReview_Click(object sender, EventArgs e) { string filename, connecti
private void InsertReview_Click(object sender, EventArgs e)
{
string filename, connectionInfo;
SqlConnection db;
this.listBox1.Items.Clear();
filename = "netflix.mdf";
connectionInfo = String.Format(@"Data Source=(LocalDB)\v11.0;AttachDbFilename=|DataDirectory|\{0};Integrated Security=True;", filename);
db = new SqlConnection(connectionInfo);
db.Open();
SqlCommand cmd = new SqlCommand();
cmd.Connection = db;
string moviename = this.textBox1.Text;
moviename = moviename.Replace("'", "''");
cmd.CommandText = string.Format(
@"SELECT MovieID FROM Movies
where MovieName = '{0}';", moviename);
object result = cmd.ExecuteScalar();
int id = System.Convert.ToInt32(result);
this.listBox1.Items.Add(id); //debugging to make sure it converted right
SqlCommand cmd2 = new SqlCommand();
cmd2.Connection = db;
cmd2.CommandText = //the 2nd query, the issue im posting here
string.Format(
@"INSERT INTO Reviews (MovieID, UserID, Rating)
VALUES({0});", id, this.textBox1.Text);
MessageBox.Show(cmd2.CommandText); //debugging
SqlDataAdapter adapter = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
adapter.Fill(ds);
db.Close();
//this.listBox1.Items.Add("Movie Review inserted successfully!");
}
在字符串中。格式:
cmd2.CommandText = //the 2nd query, the issue im posting here
string.Format(
@"INSERT INTO Reviews (MovieID, UserID, Rating)
VALUES({0});", id, this.textBox1.Text);
您只有一个格式项{0}
,但您正在传递两个要插入字符串的参数。您正试图在表中插入3列数据。我不确定UserID和Rating存储在哪里/如何存储,但您的代码应该更像:
cmd2.CommandText = //the 2nd query, the issue im posting here
string.Format(
@"INSERT INTO Reviews (MovieID, UserID, Rating)
VALUES({0}, {1}, '{2}');", id, userId, rating);
但这是一种非常糟糕的动态SQL方法
您应该参数化查询,如下所示:
cmd2.CommandText = //the 2nd query, the issue im posting here
@"INSERT INTO Reviews (MovieID, UserID, Rating)
VALUES(@MovieId, @UserId, @Rating);");
cmd2.Parameters.AddWithValue("@MovieId", id);
cmd2.Parameters.AddWithValue("@UserId", userId);
cmd2.Parameters.AddWithValue("@Rating", rating);
在字符串中。格式:
cmd2.CommandText = //the 2nd query, the issue im posting here
string.Format(
@"INSERT INTO Reviews (MovieID, UserID, Rating)
VALUES({0});", id, this.textBox1.Text);
您只有一个格式项{0}
,但您正在传递两个要插入字符串的参数。您正试图在表中插入3列数据。我不确定UserID和Rating存储在哪里/如何存储,但您的代码应该更像:
cmd2.CommandText = //the 2nd query, the issue im posting here
string.Format(
@"INSERT INTO Reviews (MovieID, UserID, Rating)
VALUES({0}, {1}, '{2}');", id, userId, rating);
但这是一种非常糟糕的动态SQL方法
您应该参数化查询,如下所示:
cmd2.CommandText = //the 2nd query, the issue im posting here
@"INSERT INTO Reviews (MovieID, UserID, Rating)
VALUES(@MovieId, @UserId, @Rating);");
cmd2.Parameters.AddWithValue("@MovieId", id);
cmd2.Parameters.AddWithValue("@UserId", userId);
cmd2.Parameters.AddWithValue("@Rating", rating);
请咨询,请咨询。