问题描述

嗨frds，

我在使用引号如30's Cotton保存字符串时遇到问题。我想保存这个字符串。



我的保存查询



SqlCommand com = new SqlCommand（insert进入Table_Name值（'+ textBox57.Text +'），con）;



但是我收到了错误。我怎样才能解决这个错误。

请尽快回复我。

谢谢

Hi frds,
I have problem while save the string with quotation mark like 30's Cotton. I want to save this string.

My save query

SqlCommand com = new SqlCommand("insert into Table_Name values('" + textBox57.Text +"')", con);

but i got error. how can i solve this error.
Please reply me as soon as possible.
Thank you

推荐答案

SqlCommand com = new SqlCommand("insert into Table_Name values('" +  Server.HtmlEncode(textBox57.Text +"')", con));

保存到数据库：

https://msdn.microsoft.com/ en-us / library / w3te6wfz％28v = vs.110％29.aspx



从数据库显示：

https：// msdn.microsoft.com/en-us/library/7c5fyk1k%28v=vs.110%29.aspx

To Save to Database:
https://msdn.microsoft.com/en-us/library/w3te6wfz%28v=vs.110%29.aspx

To Display from Database:
https://msdn.microsoft.com/en-us/library/7c5fyk1k%28v=vs.110%29.aspx

SqlCommand com = new SqlCommand("insert into Table_Name values(@MyValue)", con);
cmd.Parameters.AddWithValue("@MyValue", textBox57.Text);

查看以下文章了解更多详情 -

[]



希望，它有帮助：）

Check following article for further details-
Using Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]

Hope, it helps :)

insert into MyTable values (@id, @name) 

和

And

int id = 1;
string name = "30's Cotton";
SqlCommand command = new SqlCommand(commandString, connection);
command.Parameters.AddWithValue("id", id);
command.Parameters.AddWithValue("name", name);
command.ExecuteNonQuery();

-

Happy Codding

--
Happy Codding

这篇关于如何用引号保存字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！