C# 动态构造insert语句
我的insert语句如下所示:C# 动态构造insert语句,c#,sql,dynamic,insert,C#,Sql,Dynamic,Insert,我的insert语句如下所示: using (OleDbCommand cmd2 = conn2.CreateCommand()) { conn2.Open(); cmd2.CommandText = "INSERT INTO Panel " + "([Symbol Name SE], [Symbol Name EP]) " + "VALUES(@Type01, @Type02)"; cmd2.Parameters.AddRange(new OleDbParameter[
using (OleDbCommand cmd2 = conn2.CreateCommand())
{
conn2.Open();
cmd2.CommandText = "INSERT INTO Panel " + "([Symbol Name SE], [Symbol Name EP]) " + "VALUES(@Type01, @Type02)";
cmd2.Parameters.AddRange(new OleDbParameter[]
{
new OleDbParameter("@Type01", variable1),
new OleDbParameter("@Type02", variable2),
});
cmd2.ExecuteNonQuery();
conn2.Close();
}
public void dbQuery(string tablename, string[] columns, string[] values)
{
OleDbConnection conn2 = new OleDbConnection();
using (OleDbCommand cmd2 = conn2.CreateCommand())
{
conn2.Open();
StringBuilder build = new StringBuilder($"INSERT INTO {tablename} {string.Join(",",columns)}");
foreach (string paramValue in values)
{
int count = 0;
string paramName = $"@Type0{count.ToString()}";
build.Append(paramName);
cmd2.Parameters.Add(
new OleDbParameter(paramName, paramValue.ToString()),
);
count++;
}
cmd2.CommandText = build.ToString();
cmd2.ExecuteNonQuery();
conn2.Close();
}
}
请注意字符串空值。我建议您使用一个自定义类来处理列/值管理,如下所示
public class MyCustomColumn
{
public string ColumnName {get; set;}
public object Value {get; set;}
}
CreateGenericInsertFunction(string tableName, MyCustomColumn[] columns)
KeyValuePairTuplestring colList = "";
string valList = "";
foreach (var col in columns)
{
if (colList.length == 0)
{
colList += ", " + col.ColumnName;
}
else
{
colList += col.ColumnName;
}
// repeat for Value
}
// Finally, join it all together.
你的问题是什么?或者你希望我们为你编写所有的代码吗?你可以在这里找到一些有用的想法:@patrickhoffman:我想要一些关于研究内容的建议。到目前为止,我看到使用StringBuilder处理了一些类似的情况,我不确定它是否适用于我的情况。看起来不错。然而,对于在MyCustomColumn类中get和set的用途,我有点困惑。你能解释一下吗?看起来不太好。这个代码非常危险。了解SQL注入攻击。