nVarchar 和 SqlParameter

发布于 2024-10-12 20:13:15 字数 345 浏览 10 评论 0原文

我正在开发一个必须支持多种语言的应用程序。为了解决特殊字符问题,我在文本字段中使用 NVarhcar。所以我对文本字段的 SQL 查询是

insert into tbl_text(text)values(N'Chci tančit v oblasti')

我的问题是将其放入 SqlCommand 中,即 “insert into tbl_text(text)values(N@text)”。当然,它会将“N@text”保存在数据库表中。

你们知道有什么办法吗?我正在使用 C# 和 SQL 2008。

很抱歉,如果很难理解我的问题。我的英语很差=/

I'm developing an application which must support several languages. To solve the special characters problem I'm using NVarhcar for my text fields. So my SQL query for a text field is

insert into tbl_text(text)values(N'Chci tančit v oblasti')

My problem is to put it in SqlCommand, wich is "insert into tbl_text(text)values(N@text)". It saves "N@text" in the DB table, sure.

Do you guys know someway to do it? I'm using C# and SQL 2008.

Sorry if it was hard to understand my question. My English is poor =/

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

望她远 2024-10-19 20:13:15

由于这个原因,Add(string, object) 已被弃用(来自 SQL Server 团队的 Pablo Castro):

问题在于 C# 和
VB.NET 编译器将暴露非常
此代码的奇怪行为:

command.Parameters.Add(“@p”, 0);

您可能希望这使用
需要一个对象的重载
为其分配值 0,但改为
它会选择需要的过载
SqlDbType作为第二个参数!在
为了避免这种情况(并且可能
其他)之间的歧义
添加(字符串,sqldbtype)和添加(字符串,
对象),我们弃用了 Add(string,
对象)并引入
AddWithValue(字符串,对象)。在
一般,有多个重载
其中区分参数
类型是“对象”,其中之一是
做危险的事情。

Add(string, object) has been deprecated for this reason (from Pablo Castro of the SQL Server team):

The problem is that both the C# and
the VB.NET compilers will expose very
weird behavior for this code:

command.Parameters.Add(“@p”, 0);

you may expect this to use the
overload that takes an object and
assign the value 0 to it, but instead
it will pick the overload that takes a
SqlDbType as the second parameter! In
order to avoid this (and potentially
others) ambiguity between the
Add(string, sqldbtype) and Add(string,
object), we deprecated Add(string,
object) and introduced
AddWithValue(string, object). In
general, having multiple overloads
where the distinguishing parameter
type is “object” in one of them is a
dangerous thing to do.

浮萍、无处依 2024-10-19 20:13:15

您应该使用 SqlParameters 参数化您的插入,这允许您明确指定数据类型。 (此外,它还可以让您免去弄清楚查询引起的 SQL 服务器注入攻击的麻烦)。

示例:

SqlCommand cmd  = new SqlCommand("insert into tbl_text (text) values(@MYTEXT)", myConnection);
cmd.Parameters.Add(new SqlParameter("@MYTEXT", SqlDbType.NVarChar)).Value = "Chci tančit v";
cmd.ExecuteNonQuery();

You should parametrize your inserts with SqlParameters which allow you to specify the datatype explicitly. (Also it saves you the headache of figuring out the SQL server injection attack your query caused).

Example:

SqlCommand cmd  = new SqlCommand("insert into tbl_text (text) values(@MYTEXT)", myConnection);
cmd.Parameters.Add(new SqlParameter("@MYTEXT", SqlDbType.NVarChar)).Value = "Chci tančit v";
cmd.ExecuteNonQuery();
负佳期 2024-10-19 20:13:15

不要在参数名称前加上“N”,它仅在使用字符串常量时使用,表明它是unicode字符串。所以你的查询应该是:

insert into tbl_text(text) values (@text)

Don't put "N" before the parameter name, it is only used when using string constant to indicate it is a unicode string. So your query should be:

insert into tbl_text(text) values (@text)
半仙 2024-10-19 20:13:15

使用SQLParameters

这是一个简单的例子:

var cmd = _dbCon.CreateCommand();
cmd.CommandText =
    "insert into tbl_text (textfield) values(@textfield)";
cmd.Parameters.Add(new SQLParameter("@textfield", "Chci tančit v oblasti"));
cmd.ExecuteScalar();

Use SQLParameters.

Here is a simple example:

var cmd = _dbCon.CreateCommand();
cmd.CommandText =
    "insert into tbl_text (textfield) values(@textfield)";
cmd.Parameters.Add(new SQLParameter("@textfield", "Chci tančit v oblasti"));
cmd.ExecuteScalar();
月亮坠入山谷 2024-10-19 20:13:15

这是简单的例子

String filePath = @"D:\" + FileName;
SqlCommand command = new SqlCommand();
command.Connection = connection;
command.CommandText = 
    @"DECLARE @TraceId INT = (SELECT MAX(id) FROM sys.traces WITH (NOLOCK))
    SET @TraceId=@TraceId+1

    DECLARE @File NVARCHAR(256);
    Set @File= (@filePath)

    SET @TraceId=@TraceId+1 --Var olandan bir fazla

    DECLARE @MaxFileSize BIGINT = 1 /* max size of file as MegaByte*/
    DECLARE @FileCount INT = 1024 /* max file count for write*/

    exec sp_trace_create @traceid = @TraceId OUTPUT,
                                    @options = 2,
                                    @tracefile = @File,
                                    @maxfilesize = @MaxFileSize, 
                                    @stoptime = NULL,
                                    @filecount = @FileCount

    SELECT @TraceId";

command.Parameters.Add(new SqlParameter("@filePath", SqlDbType.NVarChar)).Value = filePath;

Here is Simple Example

String filePath = @"D:\" + FileName;
SqlCommand command = new SqlCommand();
command.Connection = connection;
command.CommandText = 
    @"DECLARE @TraceId INT = (SELECT MAX(id) FROM sys.traces WITH (NOLOCK))
    SET @TraceId=@TraceId+1

    DECLARE @File NVARCHAR(256);
    Set @File= (@filePath)

    SET @TraceId=@TraceId+1 --Var olandan bir fazla

    DECLARE @MaxFileSize BIGINT = 1 /* max size of file as MegaByte*/
    DECLARE @FileCount INT = 1024 /* max file count for write*/

    exec sp_trace_create @traceid = @TraceId OUTPUT,
                                    @options = 2,
                                    @tracefile = @File,
                                    @maxfilesize = @MaxFileSize, 
                                    @stoptime = NULL,
                                    @filecount = @FileCount

    SELECT @TraceId";

command.Parameters.Add(new SqlParameter("@filePath", SqlDbType.NVarChar)).Value = filePath;
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文