Sql server 将所有datagridview数据插入sql server中的表中
这个并没有将这些数据添加到表中Sql server 将所有datagridview数据插入sql server中的表中,sql-server,Sql Server,这个并没有将这些数据添加到表中 string StrQuery; try { SqlConnection conn1 = new SqlConnection(conString); SqlCommand comm = new SqlCommand(); comm.Connection = conn; conn.Open();
string StrQuery;
try
{
SqlConnection conn1 = new SqlConnection(conString);
SqlCommand comm = new SqlCommand();
comm.Connection = conn;
conn.Open();
for (int i = 0; i < dataGridView1.Rows.Count; i++)
{
StrQuery = @"INSERT INTO ItemPurchased VALUES ('" + dataGridView2.Rows[i].Cells["InvNo"].Value + "',' " + dataGridView2.Rows[i].Cells["itemCode"].Value + "','" + dataGridView2.Rows[i].Cells["Quantity"].Value + "', '" + dataGridView2.Rows[i].Cells["itemPrice"].Value + "', '" + dataGridView2.Rows[i].Cells["itemDescription"].Value + "');";
comm.CommandText = StrQuery;
comm.ExecuteNonQuery();
}
}
catch { }
字符串StrQuery;
尝试
{
SqlConnection conn1=新的SqlConnection(consting);
SqlCommand comm=新的SqlCommand();
通信连接=连接;
conn.Open();
对于(int i=0;i
首先检查变量连接的名称,在声明语句中使用conn1,然后使用conn设置命令obejct的连接属性
也许您可以改进代码,在SQLServer上创建一个存储过程,并使用它来防止代码的sqlinjection
像这样的
假设表具有与gridview相同的列名称,则创建的过程:
create procedure usp_itempurchased_ins
@InvNo int,
@itemCode int,
@Quantity int,
@itemPrice decimal,
@itemDescription varchar(100)
as
begin
insert ItemPurchased (InvNo, itemCode, Quantity, itemPrice, itemDescription)
values (@InvNo, @itemCode, @Quantity, @itemPrice, @itemDescription)
end
C上的代码#
试试这个,告诉我是否有效
最好的雷鬼也许它抛出了一个例外。但是你不会知道,因为在
catch{}
中没有任何东西可以提醒你。为了你的sql server,请立即停止此操作。这里有一个sql注入的教科书定义。您需要参数化该查询并保护自己。我真的希望.NET不允许空捕获。这不是错误处理,而是错误抑制。
SqlConnection conn = null;
try
{
string connString = string.Format("Password={0};User ID={1};Initial Catalog={2};Data Source={3}", "pasword", "username", "databasename", "servername");
conn = new SqlConnection { ConnectionString = connString };
SqlCommand cmd = new SqlCommand();
cmd.Connection = conn;
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.CommandText = "usp_itempurchased_ins";
cmd.Parameters.AddWithValue("@InvNo", dataGridView2.Rows[i].Cells["InvNo"].Value);
cmd.Parameters.AddWithValue("@itemCode", dataGridView2.Rows[i].Cells["itemCode"].Value);
cmd.Parameters.AddWithValue("@Quantity", dataGridView2.Rows[i].Cells["Quantity"].Value);
cmd.Parameters.AddWithValue("@itemPrice", dataGridView2.Rows[i].Cells["itemPrice"].Value);
cmd.Parameters.AddWithValue("@itemDescription", dataGridView2.Rows[i].Cells["itemDescription"].Value);
cmd.ExecuteNonQuery();
cmd.Dispose();
conn.Close();
conn.Dispose();
}
catch (Exception exInsert)
{
conn.Dispose();
LogEventViewer(string.Format("Execution problems on stored procedure usp_itempurchased_ins. {0} Mesage: {1}", Environment.NewLine, exInsert.Message));
}
private void LogEventViewer(string msg)
{
EventLog XYZeventLog = new EventLog();
if (!System.Diagnostics.EventLog.SourceExists("XYZ-LOG"))
{
System.Diagnostics.EventLog.CreateEventSource("XYZ-LOG", "XYZLOG");
}
XYZeventLog.Source = "XYZ-LOG";
XYZeventLog.Log = "XYZLOG";
using (XYZeventLog)
{
XYZeventLog.WriteEntry(msg, EventLogEntryType.Error);
}
}