C# 在添加数据时,会显示“;参数太少。预期1“;
问题是: 参数太少。预期1 这是我的数据库表: CustomerOrder[CustomerOrder(订单ID、ProdName、ProdPrice、订单数量、CatName、订单日期] 代码:C# 在添加数据时,会显示“;参数太少。预期1“;,c#,C#,问题是: 参数太少。预期1 这是我的数据库表: CustomerOrder[CustomerOrder(订单ID、ProdName、ProdPrice、订单数量、CatName、订单日期] 代码: 我建议您改用参数化查询,因为它可以防止Sql注入攻击 String SqlCommand = "insert into CUSTOMERORDER values (@OrderId, @ProdName,@ProdPrice,@OrderQty, @CatName,@OrderDate)"; SqlC
我建议您改用参数化查询,因为它可以防止Sql注入攻击
String SqlCommand = "insert into CUSTOMERORDER values (@OrderId, @ProdName,@ProdPrice,@OrderQty, @CatName,@OrderDate)";
SqlCommand cmd = new SqlCommand(SqlCommand , //ConnectionString);
cmd.CommandType = CommandType.Text;
conn.Open();
cmd.Parameters.AddWithValue("@OrderId", txtOrderCode.Text);
cmd.Parameters.AddWithValue("@ProdName", txtProdName.Text );
cmd.Parameters.AddWithValue("@ProdPrice", txtProdPrice.Text);
cmd.Parameters.AddWithValue("@OrderQty", txtOrderQty.Text);
cmd.Parameters.AddWithValue("@CatName", txtCatName.Text.Text);
cmd.Parameters.AddWithValue("@OrderDate", txtOrderDate.Text);
cmd.ExecuteNonQuery();
conn.Close();
阅读Sql注入攻击。这样做更容易、更干净,而且最重要的是更安全。此外,在运行Sql命令后查看代码时,您正在设置文本框值。在
值之前缺少空格。Convert.ToString(txtProdName.Text)txtProdName.TextString SqlCommand = "insert into CUSTOMERORDER values (@OrderId, @ProdName,@ProdPrice,@OrderQty, @CatName,@OrderDate)";
SqlCommand cmd = new SqlCommand(SqlCommand , //ConnectionString);
cmd.CommandType = CommandType.Text;
conn.Open();
cmd.Parameters.AddWithValue("@OrderId", txtOrderCode.Text);
cmd.Parameters.AddWithValue("@ProdName", txtProdName.Text );
cmd.Parameters.AddWithValue("@ProdPrice", txtProdPrice.Text);
cmd.Parameters.AddWithValue("@OrderQty", txtOrderQty.Text);
cmd.Parameters.AddWithValue("@CatName", txtCatName.Text.Text);
cmd.Parameters.AddWithValue("@OrderDate", txtOrderDate.Text);
cmd.ExecuteNonQuery();
conn.Close();