Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/.net/24.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# 在datatbase中存储“Sql查询文本”_C#_.net_Ado.net - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# 在datatbase中存储“Sql查询文本”

C# 在datatbase中存储“Sql查询文本”

c# .net

C# 在datatbase中存储“Sql查询文本”,c#,.net,ado.net,C#,.net,Ado.net,我想将sql查询存储在数据库表列中。我想做动态控件和动态数据源。当我将查询放入文本框并执行时,给我一个错误,输入字符串的格式不正确。下面是我的代码 thisCommand.CommandText = "Update Allowance_FormFields set LabelName='" + controlText + "', ControlTypeId=" + Convert.ToInt32(ddlControlTypes.SelectedValue) + ", Control

我想将sql查询存储在数据库表列中。我想做动态控件和动态数据源。当我将查询放入文本框并执行时,给我一个错误,输入字符串的格式不正确。下面是我的代码

thisCommand.CommandText = "Update Allowance_FormFields set LabelName='" +
   controlText + "', ControlTypeId=" + 
   Convert.ToInt32(ddlControlTypes.SelectedValue) + ", ControlOrder=" + 
   txtControlOrder.Text + ", ControlDataSize=" + 
   Convert.ToInt32(ddlControlDataLength.SelectedValue) + "," +
   "ControlData='" + txtControlData.Text + "', AllowanceId=" +  
   Convert.ToInt32(ddlAllowances.SelectedValue) +                 
   "VisibleTo=" + Convert.ToInt32(ddlVisibleTo.SelectedValue) +
   " Where FormFieldId=" + hdnFormControlId.Value + "";
我使用查询从txtControlData.Text中的雇员中选择前2名employeeid,firstname。如何使用。

问题:您缺少对列ControlOrder的转换,因此列ControlOrder将被视为字符串,并检查其周围是否有单引号,如果缺少单引号,则会发出抱怨

解决方案:如果列ControlOrder是INT类型,请像对其他列那样进行转换

试试这个:但我不建议这样做

thisCommand.CommandText = "Update Allowance_FormFields set LabelName='" +
            controlText + "',ControlTypeId=" + Convert.ToInt32(ddlControlTypes.SelectedValue) + ",ControlOrder=" + Convert.ToInt32(txtControlOrder.Text) +",ControlDataSize=" + Convert.ToInt32(ddlControlDataLength.SelectedValue) + "," +
            "ControlData='" + txtControlData.Text + "',AllowanceId=" + Convert.ToInt32(ddlAllowances.SelectedValue) +
            "VisibleTo=" + Convert.ToInt32(ddlVisibleTo.SelectedValue) +" Where FormFieldId=" + hdnFormControlId.Value + "";
建议:您的查询容易受到SQL注入攻击,我强烈建议您使用参数化SQL查询来避免它们

注意:如果使用参数化SQL查询,则可以忽略转换,因为这些参数将以所需类型隐式发送

尝试以下操作:使用参数化SQL查询

本部分可能是数值周围无撇号的问题:

ControlOrder=" + txtControlOrder.Text
我建议你把全部内容写出来,用示例值替换所有文本框值,等等。你可能还会遇到其他打字错误。

这一次,答案是:参数化你的命令字符串。无论如何,您都应该这样做,但这样可以更容易地找到您在命令字符串中犯错误的地方,例如漏掉引号。

设置此command.CommandText后,向我们显示它的值。可能其中一个值不是Int?不,它甚至不计算表达式。执行此表达式时出现错误。但是我的controlOrder列为int数据类型,那么您需要将controlOrder列转换为int。请参阅我编辑的答案谢谢Sudhakar,参数化SQL查询对我有效。 
A few pointers : 
1) Why dont you use stored procedures to perform these kind of operations
2) The answer proposed by Sudhakar is a good option. 
3) In case, if you still want to use the your original method to update database, then make sure the entire commandtext value is of string data type. I see that there is a combination of string and integer values. 
4) You may use apostrophe to bifurcate the values. It is easier to keep track of the string.
5) You may use string builder to create the entire commandtext string. 

A few pointers : 
1) Why dont you use stored procedures to perform these kind of operations
2) The answer proposed by Sudhakar is a good option. 
3) In case, if you still want to use the your original method to update database, then make sure the entire commandtext value is of string data type. I see that there is a combination of string and integer values. 
4) You may use apostrophe to bifurcate the values. It is easier to keep track of the string.
5) You may use string builder to create the entire commandtext string.