This is my code below. The program runs fine. I don't get any exceptions. But in the end, the table doesn't contain the newly inserted row. (Note, the connection string is correct).
这是我的代码。程序运行正常。我没有任何例外。但最后,该表不包含新插入的行。 (注意,连接字符串是正确的)。
string Name = "myname";
string Age = "myage";
string sql = "INSERT INTO Student (Name, Age) VALUES ('" + Name + "','" + Age + "')";
SqlConnection conn = new SqlConnection(ConfigHelper.GetConnectionString());
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.ExecuteNonQuery();
conn.Close();
2 个解决方案
#1
1
First of all: start using parametrized queries! Otherwise your code is always open to SQL injection attacks - not something you want to have to deal with.
首先:开始使用参数化查询!否则,您的代码始终对SQL注入攻击开放 - 而不是您想要处理的内容。
Assuming you are using this feature (depends on the connection string, which you haven't shown us in the original question): the whole User Instance and AttachDbFileName= approach is flawed - at best! Visual Studio will be copying around the .mdf file and most likely, your INSERT works just fine - but you're just looking at the wrong .mdf file in the end!
假设您正在使用此功能(取决于您在原始问题中未向我们展示的连接字符串):整个用户实例和AttachDbFileName =方法存在缺陷 - 充其量! Visual Studio将复制.mdf文件,很可能,你的INSERT工作得很好 - 但你最后只是查看错误的.mdf文件!
If you want to stick with this approach, then try putting a breakpoint on the myConnection.Close() call - and then inspect the .mdf file with SQL Server Mgmt Studio Express - I'm almost certain your data is there.
如果你想坚持这种方法,那么尝试在myConnection.Close()调用上设置一个断点 - 然后用SQL Server Mgmt Studio Express检查.mdf文件 - 我几乎可以肯定你的数据在那里。
The real solution in my opinion would be to
我认为真正的解决方案是
-
install SQL Server Express (and you've already done that anyway)
安装SQL Server Express(你已经完成了)
-
install SQL Server Management Studio Express
安装SQL Server Management Studio Express
-
create your database in SSMS Express, give it a logical name (e.g.
VictoryDatabase)在SSMS Express中创建数据库,为其指定一个逻辑名称(例如VictoryDatabase)
-
connect to it using its logical database name (given when you create it on the server) - and don't mess around with physical database files and user instances. In that case, your connection string would be something like:
使用其逻辑数据库名称(在服务器上创建时给定)连接到它 - 并且不要乱用物理数据库文件和用户实例。在这种情况下,您的连接字符串将是这样的:
Data Source=.\\SQLEXPRESS;Database=VictoryDatabase;Integrated Security=Trueand everything else is exactly the same as before...
其他一切都和以前完全一样......
#2
4
The primary issue causing the problem you're asking about is that the connection is never opened.
导致问题的主要问题是连接永远不会打开。
You can't execute the command until the connection is open.
在连接打开之前,您无法执行该命令。
There are a few other issues:
还有一些其他问题:
- I see no error handling, which would help you identify the error. There's probably something swallowing your errors so you don't see them.
- 我看到没有错误处理,这将帮助您识别错误。可能有些事情吞噬了你的错误,所以你没有看到它们。
- You're contencating strings, which leaves you open to SQL Injection. I strongly recommend learning about parameterized queries.
- 您正在为字符串提供支持,这使您可以使用SQL注入。我强烈建议您学习参数化查询。
- You're not using a using statement for your connection, which would ensure automatic closing and disposal
- 您没有使用using语句进行连接,这将确保自动关闭和处理
Several best practices are listed here. Here's an excerpt on using the "using" statement properly.
这里列出了几种最佳实践。以下是正确使用“使用”语句的摘录。
Use the "Using" Statement in C#
在C#中使用“Using”语句
For C# programmers, a convenient way to ensure that you always close your Connection and DataReader objects is to use the using statement. The using statement automatically calls Dispose on the object being "used" when leaving the scope of the using statement. For example:
对于C#程序员,确保始终关闭Connection和DataReader对象的便捷方法是使用using语句。在离开using语句的范围时,using语句会自动调用Dispose对被“使用”的对象。例如:
//C#
string connString = "Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;";
using (SqlConnection conn = new SqlConnection(connString))
{
SqlCommand cmd = conn.CreateCommand();
cmd.CommandText = "SELECT CustomerId, CompanyName FROM Customers";
conn.Open();
using (SqlDataReader dr = cmd.ExecuteReader())
{
while (dr.Read())
Console.WriteLine("{0}\t{1}", dr.GetString(0), dr.GetString(1));
}
}
#1
1
First of all: start using parametrized queries! Otherwise your code is always open to SQL injection attacks - not something you want to have to deal with.
首先:开始使用参数化查询!否则,您的代码始终对SQL注入攻击开放 - 而不是您想要处理的内容。
Assuming you are using this feature (depends on the connection string, which you haven't shown us in the original question): the whole User Instance and AttachDbFileName= approach is flawed - at best! Visual Studio will be copying around the .mdf file and most likely, your INSERT works just fine - but you're just looking at the wrong .mdf file in the end!
假设您正在使用此功能(取决于您在原始问题中未向我们展示的连接字符串):整个用户实例和AttachDbFileName =方法存在缺陷 - 充其量! Visual Studio将复制.mdf文件,很可能,你的INSERT工作得很好 - 但你最后只是查看错误的.mdf文件!
If you want to stick with this approach, then try putting a breakpoint on the myConnection.Close() call - and then inspect the .mdf file with SQL Server Mgmt Studio Express - I'm almost certain your data is there.
如果你想坚持这种方法,那么尝试在myConnection.Close()调用上设置一个断点 - 然后用SQL Server Mgmt Studio Express检查.mdf文件 - 我几乎可以肯定你的数据在那里。
The real solution in my opinion would be to
我认为真正的解决方案是
-
install SQL Server Express (and you've already done that anyway)
安装SQL Server Express(你已经完成了)
-
install SQL Server Management Studio Express
安装SQL Server Management Studio Express
-
create your database in SSMS Express, give it a logical name (e.g.
VictoryDatabase)在SSMS Express中创建数据库,为其指定一个逻辑名称(例如VictoryDatabase)
-
connect to it using its logical database name (given when you create it on the server) - and don't mess around with physical database files and user instances. In that case, your connection string would be something like:
使用其逻辑数据库名称(在服务器上创建时给定)连接到它 - 并且不要乱用物理数据库文件和用户实例。在这种情况下,您的连接字符串将是这样的:
Data Source=.\\SQLEXPRESS;Database=VictoryDatabase;Integrated Security=Trueand everything else is exactly the same as before...
其他一切都和以前完全一样......
#2
4
The primary issue causing the problem you're asking about is that the connection is never opened.
导致问题的主要问题是连接永远不会打开。
You can't execute the command until the connection is open.
在连接打开之前,您无法执行该命令。
There are a few other issues:
还有一些其他问题:
- I see no error handling, which would help you identify the error. There's probably something swallowing your errors so you don't see them.
- 我看到没有错误处理,这将帮助您识别错误。可能有些事情吞噬了你的错误,所以你没有看到它们。
- You're contencating strings, which leaves you open to SQL Injection. I strongly recommend learning about parameterized queries.
- 您正在为字符串提供支持,这使您可以使用SQL注入。我强烈建议您学习参数化查询。
- You're not using a using statement for your connection, which would ensure automatic closing and disposal
- 您没有使用using语句进行连接,这将确保自动关闭和处理
Several best practices are listed here. Here's an excerpt on using the "using" statement properly.
这里列出了几种最佳实践。以下是正确使用“使用”语句的摘录。
Use the "Using" Statement in C#
在C#中使用“Using”语句
For C# programmers, a convenient way to ensure that you always close your Connection and DataReader objects is to use the using statement. The using statement automatically calls Dispose on the object being "used" when leaving the scope of the using statement. For example:
对于C#程序员,确保始终关闭Connection和DataReader对象的便捷方法是使用using语句。在离开using语句的范围时,using语句会自动调用Dispose对被“使用”的对象。例如:
//C#
string connString = "Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;";
using (SqlConnection conn = new SqlConnection(connString))
{
SqlCommand cmd = conn.CreateCommand();
cmd.CommandText = "SELECT CustomerId, CompanyName FROM Customers";
conn.Open();
using (SqlDataReader dr = cmd.ExecuteReader())
{
while (dr.Read())
Console.WriteLine("{0}\t{1}", dr.GetString(0), dr.GetString(1));
}
}