在 C# 中执行 SQL 语句？

发布于 2024-07-18 07:37:56 字数 1232 浏览 5 评论 0原文

嘿伙计们，我想执行我的 SQL 语句，但我遇到了 synatx 问题，有人可以帮助我理解我做错了什么吗？

谢谢，阿什。

public void AddToDatabase(string[] WordArray, int Good, int Bad, int Remove)
{

    for (int WordCount = 0; WordCount < WordArray.Length; WordCount++)
    {
        string sSQL = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES (" + WordArray[WordCount] + ", " + Good + ", " + Bad + ", " + Remove + ")";

        Debug.Print(sSQL);

        //Private m_recordset As ADODB.Recordset
        //Private m_connection As ADODB.Connection
        ADODB.Recordset RS;
        ADODB.Connection CN ;


        CN = new ADODB.Connection();
        RS = new ADODB.Recordset();

        CN.CursorLocation = ADODB.CursorLocationEnum.adUseClient;

        CN.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=doom_calc_dict.mdb;jet OLEDB:database";
        CN.Open(CN.ConnectionString,"","",0);

        object dummy = Type.Missing;

        CN.Execute(sSQL,out dummy,0);

        RS.Close(); 
        CN.Close(); 

        //string sSQL = "SELECT Word FROM WordDef WHERE Word='" + WordArray[WordCount] + "'";
        DatabaseTools.LoadDataFromDatabase(sSQL);
        //DatabaseTools.LoadDataFromDatabase(sSQL);

    }
}

原文

Hey guys i want to execute my SQL statement but im having synatx trouble, can someone help me understand what i doin wrong please?

Thanks, Ash.

public void AddToDatabase(string[] WordArray, int Good, int Bad, int Remove)
{

    for (int WordCount = 0; WordCount < WordArray.Length; WordCount++)
    {
        string sSQL = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES (" + WordArray[WordCount] + ", " + Good + ", " + Bad + ", " + Remove + ")";

        Debug.Print(sSQL);

        //Private m_recordset As ADODB.Recordset
        //Private m_connection As ADODB.Connection
        ADODB.Recordset RS;
        ADODB.Connection CN ;


        CN = new ADODB.Connection();
        RS = new ADODB.Recordset();

        CN.CursorLocation = ADODB.CursorLocationEnum.adUseClient;

        CN.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=doom_calc_dict.mdb;jet OLEDB:database";
        CN.Open(CN.ConnectionString,"","",0);

        object dummy = Type.Missing;

        CN.Execute(sSQL,out dummy,0);

        RS.Close(); 
        CN.Close(); 

        //string sSQL = "SELECT Word FROM WordDef WHERE Word='" + WordArray[WordCount] + "'";
        DatabaseTools.LoadDataFromDatabase(sSQL);
        //DatabaseTools.LoadDataFromDatabase(sSQL);

    }
}

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

一曲琵琶半遮面シ 2024-07-25 07:37:56

您需要修复的最重要的事情是使用查询参数而不是动态构建字符串。这将提高性能、维护和安全性。

此外，您希望使用较新的强类型 ADO.Net 对象。确保为 System.Data.OleDb 添加 using 指令。

请注意此代码中的 using 语句。当您完成连接后，他们将确保您的连接已关闭。这很重要，因为数据库连接是有限且不受管理的资源。

最后，您并没有真正在代码中使用数组。您真正关心的是迭代单词集合的能力，因此您希望接受 IEnumerable 而不是数组。不用担心：如果您需要传递一个数组，该函数将接受一个数组作为参数。

public void AddToDatabase(IEnumerable<string> Words, int Good, int Bad, int Remove)
{
    string sql = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES (@Word, @Good, @Bad, @Remove)";

    using (OleDbConnection cn = new OleDbConnection("connection string here") )
    using (OleDbCommand cmd = new OleDbCommand(sql, cn))
    {
        cmd.Parameters.Add("@Word", OleDbType.VarChar);
        cmd.Parameters.Add("@Good", OleDbType.Integer).Value = Good;
        cmd.Parameters.Add("@Bad", OleDbType.Integer).Value = Bad;
        cmd.Parameters.Add("@Remove", OleDbType.Integer.Value = Remove;

        cn.Open();

        foreach (string word in Words)
        {
            cmd.Parameters[0].Value = word;
            cmd.ExecuteNonQuery();
        }
    }
}

另一件事：在 OleDb 中使用查询参数时，确保按顺序添加它们非常重要。

更新：已修复以在 VS 2005 / .Net 2.0 上运行（依赖于 VS 2008 功能）。

The most important thing you need to fix is to use query parameters rather than building the string dynamically. This will improve performance, maintenance, and security.

Additionally, you want to use the newer strongly-typed ADO.Net objects. Make sure to add using directives for System.Data.OleDb.

Notice the using statements in this code. They will make sure your connection is closed when you finish with it. This is important because database connections are a limited and unmanaged resource.

Finally, you're not really using an array in your code. All you really care about is the ability to iterate over a collection of words, and so you want to accept an IEnumerable<string> instead of an array. Don't worry: this function will accept an array as an argument if that's what you need to pass it.

public void AddToDatabase(IEnumerable<string> Words, int Good, int Bad, int Remove)
{
    string sql = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES (@Word, @Good, @Bad, @Remove)";

    using (OleDbConnection cn = new OleDbConnection("connection string here") )
    using (OleDbCommand cmd = new OleDbCommand(sql, cn))
    {
        cmd.Parameters.Add("@Word", OleDbType.VarChar);
        cmd.Parameters.Add("@Good", OleDbType.Integer).Value = Good;
        cmd.Parameters.Add("@Bad", OleDbType.Integer).Value = Bad;
        cmd.Parameters.Add("@Remove", OleDbType.Integer.Value = Remove;

        cn.Open();

        foreach (string word in Words)
        {
            cmd.Parameters[0].Value = word;
            cmd.ExecuteNonQuery();
        }
    }
}

One more thing: when using query parameters in OleDb it's important to make sure you add them in order.

Update: Fixed to work on VS 2005 / .Net 2.0 (had relied on VS 2008 features).

回复收藏 0 原文

三生一梦 2024-07-25 07:37:56

乍一看，我似乎没有提供帮助。但事实上，我是想帮助你，所以请这样吧。您需要阅读此和< a href="http://msdn.microsoft.com/en-us/magazine/cc163799.aspx" rel="nofollow noreferrer">此 STAT！完成此操作后，这里有一些好的、干净的 ADO.NET 示例。

回复收藏 0 原文

鹿! 2024-07-25 07:37:56

试试这个（并且您应该尝试从应用程序外部运行 SQL）：

string sSQL = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES ('" + WordArray[WordCount] + "', " + Good + ", " + Bad + ", " + Remove + ");";

Try this (and you should try running the SQL from outside your application):

string sSQL = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES ('" + WordArray[WordCount] + "', " + Good + ", " + Bad + ", " + Remove + ");";

回复收藏 0 原文

双马尾 2024-07-25 07:37:56

您需要在 SQL 语句中的第一个参数周围添加单引号。

string sSQL = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES ('" + WordArray[WordCount] + "', " + Good + ", " + Bad + ", " + Remove + ")";

字符和日期字段要求值用“单引号”引起来

You need to add single quotes around the first argument in the SQL Statement.

string sSQL = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES ('" + WordArray[WordCount] + "', " + Good + ", " + Bad + ", " + Remove + ")";

Character and Date fields require values to be surrounded with 'single quotes'

回复收藏 0 原文

恋竹姑娘 2024-07-25 07:37:56

不，你需要这样：

string query = "INSERT INTO Table_PersonInfo
(PersonID,Surname
,[Family Name]
,AddsOnName
,Street,Number
,PostalCode
,[City of Birth]
,[Year of Birth]
,[Phone Number])
 VALUES
 ('"+@personID+"'
, '"+ @surname + "' 
, '"+@familyname+"'
, '"+@nameExtension+"'
, '"+@street+"'
, '"+@houseNumber+"'
, '"+ @postalCode+"'
, '"+@yearofbirth+"'
, '"+@placeofbirth+"'
, '"+@phoneNumber+"')";

No you need it like this:

string query = "INSERT INTO Table_PersonInfo
(PersonID,Surname
,[Family Name]
,AddsOnName
,Street,Number
,PostalCode
,[City of Birth]
,[Year of Birth]
,[Phone Number])
 VALUES
 ('"+@personID+"'
, '"+ @surname + "' 
, '"+@familyname+"'
, '"+@nameExtension+"'
, '"+@street+"'
, '"+@houseNumber+"'
, '"+ @postalCode+"'
, '"+@yearofbirth+"'
, '"+@placeofbirth+"'
, '"+@phoneNumber+"')";

回复收藏 0 原文

~没有更多了~