Fatal编程技术网
  • csharp/
  • C# 如何在MySql insert中使用列表中的列名

C# 如何在MySql insert中使用列表中的列名

c# sql c#-4.0

C# 如何在MySql insert中使用列表中的列名,c#,sql,c#-4.0,sqlparameter,C#,Sql,C# 4.0,Sqlparameter,我有两份清单: List<string> ColumnNames = new List<string>(); List<string> ValueNames = new List<string>(); ColumnNames = names.Keys.ToList(); ValueNames = names.Values.ToList(); 这里我要指出语法中的错误 ... command.CommandText = "insert into M

我有两份清单:

List<string> ColumnNames = new List<string>();
List<string> ValueNames = new List<string>();
ColumnNames = names.Keys.ToList();
ValueNames = names.Values.ToList();
这里我要指出语法中的错误

...
command.CommandText = "insert into MyTable (" + string.Join(",", ColumnNames) + ") values ('" + string.Join(",", ValueNames) + "')";
...

在最后两个代码中,我采用了错误“列计数与第1行的值计数不匹配,但

ColumnNames.Count = ValueNames.Count
这就是您可以使用另一个问题中提供的答案“编写脚本”的内容:

string tableName = "Person";

// the names of the columns in your table    
var columnNames = new List<string> { "Name", "Age", "BirthDate" };

// the data you want to store in each column
var data = new List<string> { "Klaus", "22", "Before 2010" };

var myColumns = string.Join (", ", columnNames.Select (n => string.Format("[{0}]",n)));
var myParamColumns = string.Join (", ", columnNames.Select (n => string.Format("@{0}",n)));

using (var dbCommand = new SqlCommand() /*conDataBase.CreateCommand ()*/)
{ 
    dbCommand.CommandText = string.Format ("insert into {0}  ( {1} ) values ( {2} );", tableName, myColumns, myParamColumns);

    // your insert now looks like this:
    // insert into Person  ( [Name], [Age], [BirthDate] ) values ( @Name, @Age, @BirthDate );

    Console.WriteLine (dbCommand.CommandText);

    // then you add each single piece of data to each used @....    

    for (int i = 0; i < columnNames.Count; i++)
      dbCommand.Parameters.AddWithValue (columnNames[i], data[i]);

    dbCommand.ExecuteNonQuery ();
}

string tableName=“Person”;
//表中列的名称
var columnNames=新列表{“姓名”、“年龄”、“出生日期”};
//要存储在每列中的数据
var数据=新列表{“Klaus”,“22”,“2010年之前”};
var myColumns=string.Join(“,”,columnNames.Select(n=>string.Format(“[{0}]”,n));
var myParamColumns=string.Join(“,”,columnNames.Select(n=>string.Format(“@{0}”,n));
使用(var dbCommand=new SqlCommand()/*conDataBase.CreateCommand()*/)
{ 
dbCommand.CommandText=string.Format(“插入到{0}({1})值({2});”,tableName,myColumns,myParamColumns);
//您的插入现在如下所示:
//在Person([Name]、[Age]、[BirthDate])中插入值(@Name、@Age、@BirthDate);
Console.WriteLine(dbCommand.CommandText);
//然后将每一条数据添加到每个使用的@。。。。
for(int i=0;i
我找到了解决方案: 

List ColumnNames=names.Keys.ToList()
List ValueNames=names.Values.ToList();
List RevValueNames=新列表();
ForEach(x=>RevValueNames.Add(““+x+””));
string Query=string.Format(“插入MyTable({0})值({1})”,string.Join(“,”,ColumnNames),string.Join(“,”,RevValueNames));
command.CommandText=查询;
可能的重复项您需要单独添加所有参数名称和每个参数映射。请参阅有关其外观的答案。命令文本中的变量名称应以
@
作为前缀-在向查询添加带有值的参数时使用相同的名称。我也尝试了此操作,但出现了相同的错误:列计数doesn与第1行的值计数不匹配我认为变量ColumnNames中存在问题,而不是值,并且list.count在不同的GridView中会不同,因此您给我的示例没有回答这个问题((谢谢,我认为最好使用:list RevValueNames=new list();myParamColumns.ForEach(x=>RevValueNames.Add(““+x+”));您不应该使用用户输入字符串并将其串接到您的sql.Google sql注入中。或者想想如果我将其输入到您的文本框中会发生什么:
);TRUNCATE MyTable;DROP TABLE MyTable;
使用
SqlParameter
可防止出现这种情况。但我别无选择,我有许多表和许多GridView,我习惯于为所有这些表编写一个模块,而且列名和数量不同 
ColumnNames.Count = ValueNames.Count

string tableName = "Person";

// the names of the columns in your table    
var columnNames = new List<string> { "Name", "Age", "BirthDate" };

// the data you want to store in each column
var data = new List<string> { "Klaus", "22", "Before 2010" };

var myColumns = string.Join (", ", columnNames.Select (n => string.Format("[{0}]",n)));
var myParamColumns = string.Join (", ", columnNames.Select (n => string.Format("@{0}",n)));

using (var dbCommand = new SqlCommand() /*conDataBase.CreateCommand ()*/)
{ 
    dbCommand.CommandText = string.Format ("insert into {0}  ( {1} ) values ( {2} );", tableName, myColumns, myParamColumns);

    // your insert now looks like this:
    // insert into Person  ( [Name], [Age], [BirthDate] ) values ( @Name, @Age, @BirthDate );

    Console.WriteLine (dbCommand.CommandText);

    // then you add each single piece of data to each used @....    

    for (int i = 0; i < columnNames.Count; i++)
      dbCommand.Parameters.AddWithValue (columnNames[i], data[i]);

    dbCommand.ExecuteNonQuery ();
}

List<string> ColumnNames = names.Keys.ToList()
List<string> ValueNames = names.Values.ToList();
List<string> RevValueNames = new List<string>();
ValueNames.ForEach(x => RevValueNames.Add("'" + x + "'"));
string Query = string.Format("insert into MyTable ({0}) values ({1})", string.Join(",", ColumnNames), string.Join(",", RevValueNames));
                command.CommandText = Query;