How to insert into a DBF file (foxpro)
I have the following code in asp.net:

    using (OleDbCommand command = dbConnW.CreateCommand())
    {
        string CreateTableK = null;
        CreateTableK += "Create Table DSKKAR00 (DSK_ID c(10),DSK_KIND N(1),MON_PYM C(3))";
        OleDbCommand cmdCreateTable = new OleDbCommand(CreateTableK, dbConnW);
        cmdCreateTable.ExecuteNonQuery();
        System.Text.StringBuilder sb = new System.Text.StringBuilder();
        sb.Append(WorkRoomNo + ",");
        sb.Append("1,");
        sb.Append(",");
        OleDbCommand cmd3 = new OleDbCommand("Insert into DSKKAR00 (DSK_ID,DSK_KIND,MON_PYM) Values (" + sb.ToString() + ")", dbConnW);
        cmd3.ExecuteNonQuery();

But I have the following error:

    Syntax error
In addition to what Chris has offered, you are starting your CREATE TABLE with a NULL string variable, then doing a += to it. From what I remember, a NULL += "anystring" will remain a null value... You might be crashing right there too.
Although VFP is not really susceptible to SQL Injection like other SQL engines, it's a good habit to do parameterizing. When you do, use "?" as a place-holder for the value you want to insert, and add parameters in the same order sequence as the "?" represent.
First off, any time you have an error it's usually best to post the entire error message you get.
Also, when trying to debug a query problem, you should emit the actual query being sent to your server/database and inspect it. This way you can find various problems like too many commas.
Speaking of which, looking at your code, you are concatenating a String and it really looks like you have way too many commas.
The emitted query looks like it will be:
where X is the value of your WorkRoomNo variable.
Obviously, that isn't valid syntax and would result in the error you've seen. The commas indicate there are 4 values being passed, but the insert query only identifies 3 columns.
The next issue has to do with the column definitions themselves. The first column of that table is a c(10); the third is a c(3). I'm a little rusty, but aren't those character fields?
If so then you need to adjust your string builder to add the appropriate quotes around the values...
Which leads us to the final problem: Don't use String concatenation to build queries. Use Parameterized queries.
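
The parameterized insert that both answers recommend, written out as an added example that is not part of the original thread. The class and method names, the connection string (VFP OLE DB provider with a hypothetical data folder), the sample values and the `OleDbType` chosen for the `N(1)` column are assumptions; `ConcatenatedSql` reproduces the question's string building only so the statement it sends can be inspected.

```csharp
using System;
using System.Data.OleDb;
using System.Text;

static class DskkarInsert   // hypothetical class name
{
    // The statement the question's concatenation builds, returned for inspection only.
    public static string ConcatenatedSql(string workRoomNo)
    {
        var sb = new StringBuilder();
        sb.Append(workRoomNo + ",");
        sb.Append("1,");
        sb.Append(",");
        return "Insert into DSKKAR00 (DSK_ID,DSK_KIND,MON_PYM) Values (" + sb + ")";
    }

    // Parameterized form: one "?" per column, parameters added in the same order.
    public static int Insert(OleDbConnection conn, string dskId, int dskKind, string monPym)
    {
        // Enforce the declared column widths (c(10), N(1), C(3)) before binding.
        if (dskId == null || dskId.Length > 10) throw new ArgumentException("DSK_ID: max 10 chars");
        if (dskKind < 0 || dskKind > 9) throw new ArgumentException("DSK_KIND: one digit");
        if (monPym == null || monPym.Length > 3) throw new ArgumentException("MON_PYM: max 3 chars");

        const string sql = "INSERT INTO DSKKAR00 (DSK_ID, DSK_KIND, MON_PYM) VALUES (?, ?, ?)";
        using (var cmd = new OleDbCommand(sql, conn))
        {
            // OleDb binds "?" by position; the parameter names are labels only.
            cmd.Parameters.Add("DSK_ID", OleDbType.Char, 10).Value = dskId;
            cmd.Parameters.Add("DSK_KIND", OleDbType.Integer).Value = dskKind;   // assumed mapping for N(1)
            cmd.Parameters.Add("MON_PYM", OleDbType.Char, 3).Value = monPym;
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Print the concatenated statement so its comma count can be compared with the column list.
        Console.WriteLine(ConcatenatedSql("X"));

        // Assumed connection string: VFP OLE DB provider and a hypothetical data folder.
        using (var conn = new OleDbConnection(@"Provider=VFPOLEDB.1;Data Source=C:\data\"))
        {
            conn.Open();
            Insert(conn, "ROOM01", 1, "");
        }
    }
}
```

Because the values travel as bound parameters, the character columns need no hand-written quoting and the SQL text never changes with the input.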