本文介绍了如何在c#中修复此错误?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 29岁程序员,3月因学历无情被辞! 我的程序中有一个表单,它有名称,年份,导演,质量,大小(所有这些都有文本框)当我写这些文本框的东西并点击添加我得到这个错误: System.Data.dll中发生了'System.Data.SqlClient.SqlException'类型的未处理异常 附加信息:字符串'954MB'后的未闭合引号。 i知道我写的是这样的:'954MB')'。但我不知道如何在C#上做它我只能在sql server上写它。这是我的表格代码: i have a form on my program , it have name , year , director , quality , size ( all of this have text box ) when i write something to those text boxes and click on add i get this error :An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dllAdditional information: Unclosed quotation mark after the character string '954MB)'.i know that i have write it like this : '954MB')'. but i dont know how to do it on C# i just can write it on sql server. this is my code of that form :private void BtnٍEdit_Click(object sender, EventArgs e) { String sqlcon = "Data Source=desktop-nee5996\\shadow;Initial Catalog=Filelib;Integrated Security=True"; SqlConnection cn = new SqlConnection(sqlcon); try { cn.Open(); if (TxtName.Text == "") { MessageBox.Show("Please Insert Name.", "Message", MessageBoxButtons.OK, MessageBoxIcon.Information); } else { SqlStr = "insert into Filelib (Id_Files,"; SqlStr = SqlStr + " Name,"; SqlStr = SqlStr + " Year,"; SqlStr = SqlStr + " Director,"; SqlStr = SqlStr + " Quality,"; SqlStr = SqlStr + " Size) "; SqlStr = SqlStr + " Values("; SqlStr = SqlStr + "'" + TxtId_Files.Text + "',"; SqlStr = SqlStr + "'" + TxtName.Text + "',"; SqlStr = SqlStr + "'" + TxtYear.Text + "',"; SqlStr = SqlStr + "'" + TxtDirector.Text + "',"; SqlStr = SqlStr + "'" + TxtQuality.Text + "',"; SqlStr = SqlStr + "'" + TxtSize.Text + ")"; sqlcmd = new SqlCommand(SqlStr, cn); sqlcmd.ExecuteNonQuery(); MessageBox.Show("Save Successefully.", "Message", MessageBoxButtons.OK, MessageBoxIcon.Information); clear(); } } finally { cn.Close(); } } public void clear() { TxtName.Text = ""; TxtYear.Text = ""; TxtDirector.Text = ""; TxtQuality.Text = ""; TxtSize.Text = ""; } 我该如何解决?顺便说一句,英语是我的第二语言 - 对不起,如果我输入错误的单词。how can i fix it ? by the way english is my second language - excuse me if i type words wrong.推荐答案立即解决方案是在语句中添加缺少的最后一个引号:The immediate solution is to add the missing last quotation mark to the statement:SqlStr = SqlStr + "'" + TxtSize.Text + "')"; 但是,我建议不要将控件中的数据直接连接到SQL语句。这使您可以完全接受SQL注入。相反,使用 SQLParameter [ ^ ]。 总的来说,你的代码应该类似于However, I suggest not concatenating the data from controls directly to the SQL statement. This leaves you wide open to SQL injections. Instead, use SQLParameter[^].So in overall your code should look something likeSqlStr = @"INSERT INTO Filelib (Id_Files, Name, Year, Director, Quality, Size)VALUES (@Id_Files, @Name, @Year, @Director, @Quality, @Size)";using(sqlcmd = new SqlCommand(SqlStr, cn)) { sqlcmd.Parameters.AddWithValue("@Id_Files", TxtId_Files.Text); sqlcmd.Parameters.AddWithValue("@Name", TxtName.Text); sqlcmd.Parameters.AddWithValue("@Year", TxtYear.Text); sqlcmd.Parameters.AddWithValue("@Director", TxtDirector.Text); sqlcmd.Parameters.AddWithValue("@Quality", TxtQuality.Text); sqlcmd.Parameters.AddWithValue("@Size", TxtSize.Text); sqlcmd.ExecuteNonQuery();} 另外建议将命令包装到定义连接的使用块中。 如需更多讨论,请查看正确执行数据库操作 [ ^ ] 这篇关于如何在c#中修复此错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云!
07-22 11:31
查看更多