I have simple form which reads users name,email,and city. I have created a database and a table with fields id,name,email and city. When I run the code I don't encounter any errors or exceptions,but unable to see the inserted data into table. Following is my code
我有简单的表格,可以读取用户名,电子邮件和城市。我创建了一个数据库和一个包含字段ID,名称,电子邮件和城市的表。当我运行代码时,我没有遇到任何错误或异常,但无法将插入的数据看到表中。以下是我的代码
SqlConnection con =
new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=F:\\Database1.mdf;Integrated Security=True");
con.Open();
SqlCommand cmd =
new SqlCommand("insert into tbl_insert values ( " + Convert.ToInt32(txtId.Text) + "," + "'" + txtName.Text + "'" + "," + "'" + txtEmail.Text + "'" + "," + "'" + txtboxCity.Text + "'" + ")", con);
cmd.ExecuteNonQuery();
con.Close();
I have attached my database screenshots. Database design:
我附上了我的数据库截图。数据库设计:
This is output I get after running my code. Output with null value stored:
这是运行我的代码后得到的输出。存储空值的输出:
2 个解决方案
#1
1
Try this
尝试这个
con.Open();
SqlCommand cmd = new SqlCommand(@"insert into tbl_insert values(@name,@email,@add)", con);
cmd.Parameters.AddWithValue("@name", txtname.Text);
cmd.Parameters.AddWithValue("@email", txtemail.Text);
cmd.Parameters.AddWithValue("@add", txtadd.Text);
cmd.ExecuteNonQuery();
con.Close();
i suspect the column id is in Auto Number
我怀疑列ID是自动编号
if not just add another parameter to the query and cmd.Parameters
如果不是只是向查询和cmd.Parameters添加另一个参数
#2
3
You should always use parameterized queries to avoid SQL Injection and get rids from quote problems:
您应该始终使用参数化查询来避免SQL注入并从引用问题中获取rids:
SqlCommand cmd = new SqlCommand("insert into tbl_insert values (@id,@name,@Email,@City)");
cmd.Parameters.AddWithValue("@id", Convert.ToInt32(txtId.Text));
cmd.Parameters.AddWithValue("@name", txtName.Text);
cmd.Parameters.AddWithValue("@Email", txtEmail.Text);
cmd.Parameters.AddWithValue("@City", txtboxCity.Text);
Although specify the type directly and use the Value property is more better than AddWithValue:
虽然直接指定类型并使用Value属性比AddWithValue更好:
cmd.Parameters.Add("@name", SqlDbType.VarChar).Value = txtName.Text;
Can we stop using AddWithValue() already?
我们可以停止使用AddWithValue()吗?
#1
1
Try this
尝试这个
con.Open();
SqlCommand cmd = new SqlCommand(@"insert into tbl_insert values(@name,@email,@add)", con);
cmd.Parameters.AddWithValue("@name", txtname.Text);
cmd.Parameters.AddWithValue("@email", txtemail.Text);
cmd.Parameters.AddWithValue("@add", txtadd.Text);
cmd.ExecuteNonQuery();
con.Close();
i suspect the column id is in Auto Number
我怀疑列ID是自动编号
if not just add another parameter to the query and cmd.Parameters
如果不是只是向查询和cmd.Parameters添加另一个参数
#2
3
You should always use parameterized queries to avoid SQL Injection and get rids from quote problems:
您应该始终使用参数化查询来避免SQL注入并从引用问题中获取rids:
SqlCommand cmd = new SqlCommand("insert into tbl_insert values (@id,@name,@Email,@City)");
cmd.Parameters.AddWithValue("@id", Convert.ToInt32(txtId.Text));
cmd.Parameters.AddWithValue("@name", txtName.Text);
cmd.Parameters.AddWithValue("@Email", txtEmail.Text);
cmd.Parameters.AddWithValue("@City", txtboxCity.Text);
Although specify the type directly and use the Value property is more better than AddWithValue:
虽然直接指定类型并使用Value属性比AddWithValue更好:
cmd.Parameters.Add("@name", SqlDbType.VarChar).Value = txtName.Text;
Can we stop using AddWithValue() already?
我们可以停止使用AddWithValue()吗?