我在asp.net中有以下代码:

using (OleDbCommand command = dbConnW.CreateCommand())
{
    string CreateTableK = null;
    CreateTableK += "Create Table DSKKAR00 (DSK_ID c(10),DSK_KIND N(1),MON_PYM C(3))";
    OleDbCommand cmdCreateTable = new OleDbCommand(CreateTableK, dbConnW);
    cmdCreateTable.ExecuteNonQuery();
    System.Text.StringBuilder sb = new  System.Text.StringBuilder();
    sb.Append(WorkRoomNo + ",");
    sb.Append("1,");
    sb.Append(",");
    OleDbCommand cmd3 = new OleDbCommand("Insert into DSKKAR00 (DSK_ID,DSK_KIND,MON_PYM) Values (" + sb.ToString() + ")", dbConnW);
    cmd3.ExecuteNonQuery();

但是我有以下错误:

最佳答案

除了Chris提供的功能之外,您还使用NULL字符串变量启动CREATE TABLE,然后对其进行+ =。据我所知,NULL + =“anystring”将仍然为空值...您可能也在那里崩溃了。

尽管VFP确实不像其他SQL引擎那样容易受到SQL注入(inject)的影响,但它具有进行参数化的良好习惯。当您这样做时,请使用“?”作为要插入的值的占位符,并以与“?”相同的顺序添加参数代表。

string CreateTableK =
   "Create Table DSKKAR00 (DSK_ID c(10),DSK_KIND N(1),MON_PYM C(3))";

OleDbCommand cmdCreateTable = new OleDbCommand(CreateTableK, dbConnW);
cmdCreateTable.ExecuteNonQuery();

string MyInsert =
   "insert into DSKKAR00 ( dsk_id, dsk_kind, mon_pym ) values ( ?, ?, ? )";
OleDbCommand cmd3 = new OleDbCommand( MyInsert, dbConnW);
cmd3.Parameters.AddWithValue( "parmSlot1", WorkRoomNo );
cmd3.Parameters.AddWithValue( "parmSlot2", 1);
cmd3.Parameters.AddWithValue( "parmSlot3", 'tst' ); // or whatever variable to put
cmd3.ExecuteNonQuery();

关于c# - 如何插入DBF文件(foxpro),我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/9198197/

10-11 23:09
查看更多