C# 使用c将图像的完整路径插入MySQL#
我需要将图像的完整路径从c#表单存储到MySQL数据库中,并编写以下代码来实现这一点:C# 使用c将图像的完整路径插入MySQL#,c#,mysql,C#,Mysql,我需要将图像的完整路径从c#表单存储到MySQL数据库中,并编写以下代码来实现这一点: string correctFileName3 = System.IO.Path.GetFileName(dialog.FileName); string ApplicationPath = Application.StartupPath.Substring(0, Application.StartupPath.Length - 10); ApplicationPath = ApplicationPath.
string correctFileName3 = System.IO.Path.GetFileName(dialog.FileName);
string ApplicationPath = Application.StartupPath.Substring(0, Application.StartupPath.Length - 10);
ApplicationPath = ApplicationPath.Replace("\\", "\\\\");
string consultant_logo = ApplicationPath + "\\images\\" + correctFileName3;
我想通过此插入查询将consultant_徽标作为字符串插入数据库:
String insertQuery = "Insert Into ubc.projectinfo(`projectName`, `companyName`, `projectNumber`,
`projAddress`, `nameOfConCompany`, `consultantPhone`, `nameOfEng1`, `nameOfEng2`, `nameOfEng3`,
`consultantAddress`, `phoneEng1`, `phoneEng2`, `phoneEng3`,`ubc_logo`, `company_logo`, `consultant_logo`)
VALUES ('" + projectNameText.Text + "','" + companyNameText.Text + "' ,'" + projectNumber.Text + "','"+
projAddress.Text+ "','"+ nameOfConCompany.Text+ "','"+consultantPhone.Text+"', '"+ nameOfEng1.Text + "',
'"+ nameOfEng2.Text+ "', '"+ nameOfEng3.Text+ "' , '"+consultantAddress.Text+"','"+ phoneEng1.Text+ "',
'"+ phoneEng2.Text + "','"+ phoneEng3.Text + "', '"+ubc_logo+"','"+company_logo+"',
'"+consultant_logo+"')";
但是这个错误发生在“您的SQL语法有错误”
insertQuery=$“插入ubc.projectinfo('projectName','companyName','projectNumber','projAddress','ncompany','consultantPhone','nameOfEng1','nameOfEng2','nameOfEng3','consultantAddress','phoneEng1','phoneEng2','phoneEng3','ubc_logo','company_logo','consultant_logo')值({projectNameText Text.Text},{companyNameText.Text}、{projectNumber.Text}、{projAddress.Text}、{nameofcompany.Text}、{consultantPhone.Text}、{nameOfEng1.Text}、{nameOfEng2.Text}、{nameOfEng3.Text}、{consultantAddress.Text}、{phoneEng1.Text}、{phoneEng2.Text}、{phoneEng3.Text}、{ubc@logo}、{是否有一个特殊的原因,为什么不使用这样的预处理语句?使用参数化查询可以避免大多数语法错误,因为您不必担心是否正确放置每个引号和括号。此外,它还可以避免SQL注入漏洞。但是,如果您知道如何编写SQL,并且查看