C# 如何将XML文件插入列中
我正在尝试使用c#将一个用户配置文件设置xml(作为一个完整的文件放入xml数据类型的列)上传到我的postgres数据库中,下面是我的代码C# 如何将XML文件插入列中,c#,postgresql,C#,Postgresql,我正在尝试使用c#将一个用户配置文件设置xml(作为一个完整的文件放入xml数据类型的列)上传到我的postgres数据库中,下面是我的代码 var connstring = System.Configuration.ConfigurationManager.ConnectionStrings["pgcon"].ConnectionString; using (NpgsqlConnection conn = new NpgsqlConnection(connstring)) { con
var connstring = System.Configuration.ConfigurationManager.ConnectionStrings["pgcon"].ConnectionString;
using (NpgsqlConnection conn = new NpgsqlConnection(connstring))
{
conn.Open();
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.Load("G:\\new repo\\setting xmls\\settings.xml");
//workinq query insert
// string sql2 = string.Format(@"INSERT INTO Public.""UserDetails"" (id, usercode, address) VALUES ('dd', 'code', '1001')");
NpgsqlCommand dbcmd = conn.CreateCommand();
try
{
string sql = string.Format("SET SEARCH_PATH to Public;");
string sql0 = string.Format(@"INSERT INTO Public.""UserProfile"" (setting, userstatus, userstatusdescription, id) VALUES ('{0}', true, 'active', 'ddd');", xmlDoc);
dbcmd.CommandText = sql + sql0;
dbcmd.ExecuteNonQuery();
}
catch (Exception ex)
{
throw;
}
}
System.Xml.XmlDocument如有任何帮助,我们将不胜感激。如评论中所述,您可以执行以下操作
string myXml = XDocument.Load("G:\\new repo\\setting xmls\\settings.xml").ToString()
请使用@ahammadalipk,因为这最初是为了解决OP的XML上传问题而发布的@AMMADALIPK答案涵盖了OP在Sql注入方面遇到的问题,如评论中所述,您可以执行以下操作
string myXml = XDocument.Load("G:\\new repo\\setting xmls\\settings.xml").ToString()
请使用@ahammadalipk,因为这最初是为了解决OP的XML上传问题而发布的@ahammadalipk答案涵盖了OP在Sql注入中遇到的问题,以避免问题小BOBBY表(当xml数据包含单引号和注入错误时出错),您可以使用
npgsqlparmeterstring sql0 = string.Format(@"INSERT INTO Public.""UserProfile"" (setting, userstatus, userstatusdescription, id) VALUES ('{0}', true, 'active', 'ddd');", myXml);
NpgsqlParameter p = new NpgsqlParameter("@myXml", NpgsqlTypes.NpgsqlDbType.Xml);
p.Value = myXml;
using (NpgsqlConnection conn = new NpgsqlConnection(connstring))
{
conn.Open();
string myXml = XDocument.Load("G:\\new repo\\setting xmls\\settings.xml").ToString();
NpgsqlCommand dbcmd = conn.CreateCommand();
try
{
string sql = string.Format("SET SEARCH_PATH to Public;");
string sql0 = string.Format(@"INSERT INTO Public.""UserProfile"" (setting, userstatus, userstatusdescription, id) VALUES (@myXml, true, 'active', 'ddd');");
dbcmd.CommandText = sql + sql0;
NpgsqlParameter p = new NpgsqlParameter("@myXml", NpgsqlTypes.NpgsqlDbType.Xml);
p.Value = myXml;
dbcmd.Parameters.Add(p);
dbcmd.ExecuteNonQuery();
}
catch (Exception ex)
{
throw;
}
}
快乐编码!对于后来者。为了避免这个问题小鲍比桌(当xml数据包含单引号和注入错误时出错),您可以使用
npgsqlparmeterstring sql0 = string.Format(@"INSERT INTO Public.""UserProfile"" (setting, userstatus, userstatusdescription, id) VALUES ('{0}', true, 'active', 'ddd');", myXml);
NpgsqlParameter p = new NpgsqlParameter("@myXml", NpgsqlTypes.NpgsqlDbType.Xml);
p.Value = myXml;
using (NpgsqlConnection conn = new NpgsqlConnection(connstring))
{
conn.Open();
string myXml = XDocument.Load("G:\\new repo\\setting xmls\\settings.xml").ToString();
NpgsqlCommand dbcmd = conn.CreateCommand();
try
{
string sql = string.Format("SET SEARCH_PATH to Public;");
string sql0 = string.Format(@"INSERT INTO Public.""UserProfile"" (setting, userstatus, userstatusdescription, id) VALUES (@myXml, true, 'active', 'ddd');");
dbcmd.CommandText = sql + sql0;
NpgsqlParameter p = new NpgsqlParameter("@myXml", NpgsqlTypes.NpgsqlDbType.Xml);
p.Value = myXml;
dbcmd.Parameters.Add(p);
dbcmd.ExecuteNonQuery();
}
catch (Exception ex)
{
throw;
}
}
快乐编码!对于后来者。请尝试
string myXml=XDocument.Load(“G:\\new repo\\setting xmls\\settings.xml”)。ToString()string myXml=XDocument.Load(“G:\\new repo\\setting xmls\\settings.xml”)。ToString()