C# 中的字符串组合
我试图找出为什么这段代码在 C# 中不起作用以及如何修复它。
string first = "hello";
string second = "look at" + first + "me";
有什么建议吗?
编辑: 抱歉,我认为我犯的错误只是一个简单的新手错误。我想还有更多的事情要做。 这是我的实际代码:
string toolOp = lstToolOpen.SelectedValue.ToString();
string sqlComm = "INSERT INTO ES_TOOL_FACET (esfa_facet, esfa_tool) values (" +
+ toolOp + ", " + cmbFacet.SelectedValue +" ) ";
我得到的错误是:运算符 + 无法应用于“字符串”类型的操作数。第 3 行代码的 toolOp 下有一条红线。
I'm trying to figure out why this code doesn't work in C# and how to fix it.
string first = "hello";
string second = "look at" + first + "me";
Any suggestions?
Edit:
Sorry, I thought that the mistake I was making was a simple newbie error. I guess there's more to it.
This is my actual code:
string toolOp = lstToolOpen.SelectedValue.ToString();
string sqlComm = "INSERT INTO ES_TOOL_FACET (esfa_facet, esfa_tool) values (" +
+ toolOp + ", " + cmbFacet.SelectedValue +" ) ";
The error I get is: Operator + cannot be applied to operand of type 'string'. There's a red line under toolOp on the 3rd line of code.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
toolOp之前有两个+。应该是:话虽如此,我建议您使用参数化查询。请记住,每次在构造 SQL 查询时使用
+运算符时,您都做错了:现在您可以安全地抵御 SQL 注入了。
结论:永远不要在 SQL 查询中使用
+。You have two
+beforetoolOp. It should be:This being said I would recommend you to use parametrized queries. Remember that everytime you use the
+operator when constructing a SQL query you are doing it wrong:Now you are safe against SQL injections.
Conclusion: never use
+with SQL queries.