将包含方括号/大括号的值插入到 Access 数据库中

发布于 2024-12-05 07:13:37 字数 1047 浏览 1 评论 0原文

使用Taglib-sharp和OLEDB，我正在尝试为音乐文件的文件夹索引，并将上述文件中的所有元数据存储在访问数据库中（我可能会切换到SQL Compact或以后的其他内容，但是我使用的书使用了访问）。下面的代码应检索并存储前1000个文件的元数据在给定文件夹中，并在子文件夹中

OleDbCommand cmd = con.CreateCommand();
DirSearch(@"C:\Users\Stephen\Music");
TagLib.File tagFil;

for (int i = 0; i < 1000; i++)
        {
            tagFil = TagLib.File.Create(filesFound[i]);
            string album = tagFil.Tag.Album;
            string artist = tagFil.Tag.FirstPerformer;
            string title = tagFil.Tag.Title;

            if (album == null)
                album = "Unknown Album";
            if (artist == null)
                artist = "Unknown Artist";
            if (title == null)
                title = "Unknown Track";
            cmd.CommandText = "INSERT INTO Track (Title,Artist,Album,Path) VALUES ('" + title + "','" + artist + "','" + album + "','" + filesFound[i] + "')";
            cmd.ExecuteNonQuery();
        }

进行问题，但是，当标题中的一个标签中有一个括号时，就会发生问题。我明白为什么这会引起问题，但不能如何解决/避免。我尝试了字符串文字等，但看不到它们的工作方式（它们不工作：/）。有更好的想法吗？

原文

Using taglib-sharp and OleDb, I'm attempting to index a folder of music files and store all the metadata from said files in an Access Database (I'll probably switch to SQL Compact or something later but the book I have uses Access). The below code should retrieve and store the metadata of the first 1000 files in a given folder and subfolders

OleDbCommand cmd = con.CreateCommand();
DirSearch(@"C:\Users\Stephen\Music");
TagLib.File tagFil;

for (int i = 0; i < 1000; i++)
        {
            tagFil = TagLib.File.Create(filesFound[i]);
            string album = tagFil.Tag.Album;
            string artist = tagFil.Tag.FirstPerformer;
            string title = tagFil.Tag.Title;

            if (album == null)
                album = "Unknown Album";
            if (artist == null)
                artist = "Unknown Artist";
            if (title == null)
                title = "Unknown Track";
            cmd.CommandText = "INSERT INTO Track (Title,Artist,Album,Path) VALUES ('" + title + "','" + artist + "','" + album + "','" + filesFound[i] + "')";
            cmd.ExecuteNonQuery();
        }

The problem, however, occurs when one of the tags has a bracket in the title. I can see why this would cause a problem but not how to solve/avoid it. I have tried string literals etc but couldn't see how they would work (they don't :/). Any better ideas?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

我要还你自由 2024-12-12 07:13:37

您应该使用参数化查询来完成此任务。

未经测试的代码：

cmd.CommandText = "INSERT INTO Track (Title,Artist,Album,Path) VALUES (?, ?, ?, ?)";
cmd.Parameters.Add(title);
cmd.Parameters.Add(artist);
cmd.Parameters.Add(album);
cmd.Parameters.Add(filesFound[i]);

链接：
http://msdn.microsoft.com/en -us/library/system.data.oledb.oledbcommand.parameters.aspx

您的代码已经适合 SQL 注入了...

You should use parameterized queries to accomplish this .

Untested code:

cmd.CommandText = "INSERT INTO Track (Title,Artist,Album,Path) VALUES (?, ?, ?, ?)";
cmd.Parameters.Add(title);
cmd.Parameters.Add(artist);
cmd.Parameters.Add(album);
cmd.Parameters.Add(filesFound[i]);

Links:
http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbcommand.parameters.aspx

Your code, as is, is ripe for SQL injections...

回复收藏 0 原文

~没有更多了~