问题描述
我通过了以下问题混为一谈;
I am confused by the following issue;
我有一个C#(WindowsForms)的应用程序,我连接到SQL Server数据库,也没有问题INSERT,SELECT ,更新...直到我开始与数字数据工作;
I have a C# (WindowsForms) application which I connect to a SQL Server DB and have no problem to INSERT, SELECT, UPDATE... until I started to work with numerical data;
此应用程序的目的是管理员工,他们的合同,工作速度,持续时间合同,每小时收费...做与一些有趣的计算,没有任何的魔术的
Purpose of this application is to manage employees, their contracts, rate of work, contracts durations, hourly rates... and do some funny calculations with that, nothing magic.
基本上,我需要存储一些值(十进制?翻一番?浮法?)在我的数据库格式为0000,0000。
Basically, I need to store some values (decimal? double? float?) with the format "0000,0000" in my DB.
-
在我的数据库,我已经把我的桌子全部在这里我需要这些000,0000值的列到十进制
In my DB, I have set my table with all columns where I require these "000,0000" values to decimal
在我的形式,我还没有指定的任何特定属性到我的文本框,
In my forms, I haven't specified any specific properties to my textboxes,
要插入我用我定义的小数参数
To insert I use a method for which I defined decimal arguments
public void createNewContract(int employeeId, string agency, string role, string contractType, string startDate,
string endDate, string lineManager, string reportTo, string costCenter, string functionEng, string atrNo, string atrDate, string prNo, string prDate,
string poNo, string poDate, string comments, decimal duration, decimal workRatePercent, string currency, decimal hourlyRate, decimal value)
{
if (conn.State.ToString() == "Closed")
{
conn.Open();
}
SqlCommand newCmd = conn.CreateCommand();
newCmd.Connection = conn;
newCmd.CommandType = CommandType.Text;
newCmd.CommandText = "INSERT INTO tblContracts (CreatedById, CreationDate, EmployeeId, Role, ContractType, StartDate, "
+ "EndDate, Agency, LineManager, ReportTo, CostCenter, FunctionEng, AtrNo, AtrDate, PrNo, PrDate, PoNo, PoDate, Comments, Duration, WorkRatePercent, Currency, HourlyRate, Value)"
+ "VALUES ('" + connectedUser.getUserId() + "','" + DateTime.Now.ToString("dd/MM/yyyy hh:mm:ss") + "','" + employeeId + "','" + role + "','" + contractType
+ "','" + startDate + "','" + endDate + "','" + agency + "','" + lineManager + "','" + reportTo + "','" + costCenter + "','" + functionEng + "','" + atrNo + "','" + atrDate + "','" + prNo
+ "','" + prDate + "','" + poNo + "','" + poDate + "','" + comments + "','" + duration + "','" + workRatePercent + "','" + currency + "','" + hourlyRate + "','" + value + "')";
newCmd.ExecuteNonQuery();
MessageBox.Show("Contract has been successfully created", "Completed", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
(通过这种方法,我只需要插入为00,0000持续时间(NB小时),workrate个,每小时收费(钱货币)和值(货币资金))
(through this method, I only need to insert as 00,0000 a duration (nb hours), workrate percentage, an hourly rate (money in a currency) and a value (money in a currency))
- 要捕捉我的文本框的值,并通过我的方法createNewContrat'给他们,我已经试过
Convert.ToDecimal(this.txtDuration.Text)和很多其他的事情,似乎好对我来说,但我不设法了解机械师,我肯定不会用最之实践/聪明的解决方案...
我不断收到以下错误;
I keep getting the following error;
的 System.FormatException:文件格式德拉科特迪瓦锚链美国东部时间主菜不正确。 =输入/进入字符串的格式不正确结果
A System.Number.StringToNumber(字符串str的NumberStyles选项,NumberBuffer和放大器;数的NumberFormatInfo信息,布尔parseDecimal)
A System.Number.ParseDecimal(字符串值,选择的NumberStyles,的NumberFormatInfo numfmt)结果
A System.Convert.ToDecimal(字符串值)的
你有什么建议?
推荐答案
首先,始终使用使用带有
实现的SqlConnection
和的SqlCommand
和所有其他打交道时的IDisposable
只是阅读更多关于它的类。
First of all, Always use using
when dealing with SqlConnection
and SqlCommand
and all other classes that implements IDisposable
just read more about it..
第二件事,始终使用参数随的SqlCommand
从不传递值作为一个字符串SQL字符串。这是一个严重的安全问题。除此之外参数使你的代码的人友好!
Second thing, Always use parameters with SqlCommand
and never pass the values as a string to the sql string. This is a serious security issue. In addition to that parameters makes your code human friendly!
// Always use (using) when dealing with Sql Connections and Commands
using (sqlConnection conn = new SqlConnection())
{
conn.Open();
using (SqlCommand newCmd = new SqlCommand(conn))
{
newCmd.CommandType = CommandType.Text;
newCmd.CommandText =
@"INSERT INTO tblContracts (CreatedById, CreationDate, EmployeeId, Role, ContractType, StartDate, EndDate, Agency, LineManager, ReportTo, CostCenter, FunctionEng, AtrNo, AtrDate, PrNo, PrDate, PoNo, PoDate, Comments, Duration, WorkRatePercent, Currency, HourlyRate, Value)
VALUES (@UserID, @CreationDate, @EmployeeID, @Role.....etc)";
// for security reasons (Sql Injection attacks) always use parameters
newCmd.Parameters.Add("@UserID", SqlDbType.NVarChar, 50)
.Value = connectedUser.getUserId();
newCmd.Parameters.Add("@CreationDate", SqlDbType.DateTime)
.Value = DateTime.Now;
// To add a decimal value from TextBox
newCmd.Parameters.Add("@SomeValue", SqlDbType.Decimal)
.Value = System.Convert.ToDecimal(txtValueTextBox.Text);
// complete the rest of the parameters
// ........
newCmd.ExecuteNonQuery();
MessageBox.Show("Contract has been successfully created", "Completed", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
}
这篇关于从插入文本框的值的数值(十进制)数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!