在 C# 中执行 SQL 语句?
嘿伙计们,我想执行我的 SQL 语句,但我遇到了 synatx 问题,有人可以帮助我理解我做错了什么吗?
谢谢,阿什。
public void AddToDatabase(string[] WordArray, int Good, int Bad, int Remove)
{
for (int WordCount = 0; WordCount < WordArray.Length; WordCount++)
{
string sSQL = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES (" + WordArray[WordCount] + ", " + Good + ", " + Bad + ", " + Remove + ")";
Debug.Print(sSQL);
//Private m_recordset As ADODB.Recordset
//Private m_connection As ADODB.Connection
ADODB.Recordset RS;
ADODB.Connection CN ;
CN = new ADODB.Connection();
RS = new ADODB.Recordset();
CN.CursorLocation = ADODB.CursorLocationEnum.adUseClient;
CN.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=doom_calc_dict.mdb;jet OLEDB:database";
CN.Open(CN.ConnectionString,"","",0);
object dummy = Type.Missing;
CN.Execute(sSQL,out dummy,0);
RS.Close();
CN.Close();
//string sSQL = "SELECT Word FROM WordDef WHERE Word='" + WordArray[WordCount] + "'";
DatabaseTools.LoadDataFromDatabase(sSQL);
//DatabaseTools.LoadDataFromDatabase(sSQL);
}
}
Hey guys i want to execute my SQL statement but im having synatx trouble, can someone help me understand what i doin wrong please?
Thanks, Ash.
public void AddToDatabase(string[] WordArray, int Good, int Bad, int Remove)
{
for (int WordCount = 0; WordCount < WordArray.Length; WordCount++)
{
string sSQL = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES (" + WordArray[WordCount] + ", " + Good + ", " + Bad + ", " + Remove + ")";
Debug.Print(sSQL);
//Private m_recordset As ADODB.Recordset
//Private m_connection As ADODB.Connection
ADODB.Recordset RS;
ADODB.Connection CN ;
CN = new ADODB.Connection();
RS = new ADODB.Recordset();
CN.CursorLocation = ADODB.CursorLocationEnum.adUseClient;
CN.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=doom_calc_dict.mdb;jet OLEDB:database";
CN.Open(CN.ConnectionString,"","",0);
object dummy = Type.Missing;
CN.Execute(sSQL,out dummy,0);
RS.Close();
CN.Close();
//string sSQL = "SELECT Word FROM WordDef WHERE Word='" + WordArray[WordCount] + "'";
DatabaseTools.LoadDataFromDatabase(sSQL);
//DatabaseTools.LoadDataFromDatabase(sSQL);
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您需要修复的最重要的事情是使用查询参数而不是动态构建字符串。 这将提高性能、维护和安全性。
此外,您希望使用较新的强类型 ADO.Net 对象。 确保为
System.Data.OleDb
添加 using 指令。请注意此代码中的
using
语句。 当您完成连接后,他们将确保您的连接已关闭。 这很重要,因为数据库连接是有限且不受管理的资源。最后,您并没有真正在代码中使用数组。 您真正关心的是迭代单词集合的能力,因此您希望接受
IEnumerable
而不是数组。 不用担心:如果您需要传递一个数组,该函数将接受一个数组作为参数。另一件事:在 OleDb 中使用查询参数时,确保按顺序添加它们非常重要。
更新:已修复以在 VS 2005 / .Net 2.0 上运行(依赖于 VS 2008 功能)。
The most important thing you need to fix is to use query parameters rather than building the string dynamically. This will improve performance, maintenance, and security.
Additionally, you want to use the newer strongly-typed ADO.Net objects. Make sure to add using directives for
System.Data.OleDb
.Notice the
using
statements in this code. They will make sure your connection is closed when you finish with it. This is important because database connections are a limited and unmanaged resource.Finally, you're not really using an array in your code. All you really care about is the ability to iterate over a collection of words, and so you want to accept an
IEnumerable<string>
instead of an array. Don't worry: this function will accept an array as an argument if that's what you need to pass it.One more thing: when using query parameters in OleDb it's important to make sure you add them in order.
Update: Fixed to work on VS 2005 / .Net 2.0 (had relied on VS 2008 features).
乍一看,我似乎没有提供帮助。 但事实上,我是想帮助你,所以请这样吧。 您需要阅读此和< a href="http://msdn.microsoft.com/en-us/magazine/cc163799.aspx" rel="nofollow noreferrer">此 STAT! 完成此操作后,这里有一些好的、干净的 ADO.NET 示例。
It will appear at first that I am not being helpful. But in truth, I am trying to help you, so please take it that way. You need to read this and this STAT! Once you've done that, here are some good, clean ADO.NET examples.
试试这个(并且您应该尝试从应用程序外部运行 SQL):
Try this (and you should try running the SQL from outside your application):
您需要在 SQL 语句中的第一个参数周围添加单引号。
字符和日期字段要求值用“单引号”引起来
You need to add single quotes around the first argument in the SQL Statement.
Character and Date fields require values to be surrounded with 'single quotes'
不,你需要这样:
No you need it like this: