2014-11-08 72 views
0

DataGrid - SQL insert query error C#

I'm trying to add a row to an Access table and to a DataGrid with an SQL query, but without success. Any ideas? Thanks. My SQL query:

DataBaseIkuns.Instance.InsertToDB(string.Format(DictionaryUtilsDB.dictioneary[DictionaryUtilsDB.CommendTypes.AddObserver], o.ID_Observer, o.Lat, o.Long, o.azimuth)); 

    public static Dictionary<CommendTypes, string> dictioneary = new Dictionary<CommendTypes, string> 
     { 
      {CommendTypes.AddObserver,"Insert into ShowTableObserver(ID_Ob,Lat,Long,Azimuth)" 
      +"values('{0}','{1}','{2}','{3}')"}, 
      {CommendTypes.AzimuthLongLatFromOB,"SELECT ID_Observer,Longitude,Latitude,Azimuth FROM Observer Where ID_Observer = {0}"} 
     }; 



    public void InsertToDB(string sql) // It get the right values - 1,2,3,4 
     { 
      int insert = 0; 
      try 
      { 
       if (con.State.ToString()== "Open") 
       { 
        cmd = new OleDbCommand(); 
        oledbAdapter = new OleDbDataAdapter(); 
        dt = new DataTable(); 
        cmd.Connection = con; 
        cmd.CommandText = sql; 
        insert = cmd.ExecuteNonQuery(); // Here it jump's to the catch. why ? 

        if (insert > 0) 
        { 
         MessageBox.Show("Your Insert successed"); 
        } 
        else 
        { 
         MessageBox.Show("Your Insert failed"); 
        } 

       } 
      } 
      catch (Exception ex) 
      { 
       MessageBox.Show(ex.ToString()); 
      } 
     } 

There are comments in the code where the program fails. The value of sql when it fails:

Insert into ShowTableObserver(ID_Ob,Lat,Long,Azimuth)values('3','31.4','34','150') 
+0

Can you give us the value of 'sql' when the exception is thrown? – grovesNL 2014-11-08 20:16:36

+0

Yes, I edited the question, take a look – RonYamin 2014-11-08 20:26:53

+0

It would be most important to know the exact error message shown in the catch block. – Steve 2014-11-08 20:31:37

Answer

0

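If you are using an Access database behind the OleDb provider, then you have a problem with the word Long. It is a reserved keyword (probably the same in many other database systems). In this case you need to encapsulate the field name in square brackets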

{CommendTypes.AddObserver,"Insert into ShowTableObserver(ID_Ob,Lat,[Long],Azimuth)" 

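That said, you need to start using parameterized queries. Your string.Format is another kind of string concatenation, which leads to SQL injection, parsing problems and subtle syntax errors when you miss any single quote or other type specifier in your query string.

For example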

public static Dictionary<CommendTypes, string> dictioneary = new Dictionary<CommendTypes, string> 
{ 
    {CommendTypes.AddObserver,"Insert into ShowTableObserver(ID_Ob,Lat,[Long],Azimuth)" 
           +"values(?,?,?,?)"}, 
    {CommendTypes.AzimuthLongLatFromOB,"SELECT ID_Observer,Longitude,Latitude,Azimuth " 
           +"FROM Observer Where ID_Observer = ?"} 
}; 


public void InsertToDB(string sql, List<OleDbParameter> parameters) 
{ 
    int insert = 0; 
    try 
    { 
        if (con.State == ConnectionState.Open) 
        { 
            // No semicolon after using(...): the block below is the using scope
            using (cmd = new OleDbCommand()) 
            { 
                cmd.Connection = con; 
                cmd.CommandText = sql; 
                // OleDb binds parameters by position, in the order of the ? placeholders
                cmd.Parameters.AddRange(parameters.ToArray()); 
                insert = cmd.ExecuteNonQuery(); 
            } 
            ........ 
        } 
    } 
    ...... 
} 

Now, when you call InsertToDB, you write

DataBaseIkuns.Instance.InsertToDB(string.Format(DictionaryUtilsDB.dictioneary [DictionaryUtilsDB.CommendTypes.AddObserver],,o.Lat,o.Long,o.azimuth));

// Add the parameters in the same order as the ? placeholders in the query text
List<OleDbParameter> parameters = new List<OleDbParameter>(); 
parameters.Add(new OleDbParameter() 
{ 
     ParameterName = "@p1", OleDbType = OleDbType.VarWChar, Value = o.ID_Observer 
}); 
parameters.Add(new OleDbParameter() 
{ 
     ParameterName = "@p2", OleDbType = OleDbType.VarWChar, Value = o.Lat 
}); 
parameters.Add(new OleDbParameter() 
{ 
     ParameterName = "@p3", OleDbType = OleDbType.VarWChar, Value = o.Long 
}); 
parameters.Add(new OleDbParameter() 
{ 
     ParameterName = "@p4", OleDbType = OleDbType.VarWChar, Value = o.azimuth 
}); 
DataBaseIkuns.Instance.InsertToDB(
    DictionaryUtilsDB.dictioneary[DictionaryUtilsDB.CommendTypes.AddObserver], parameters); 
+0

Thanks :) – RonYamin 2014-11-08 20:49:01

+0

I just changed the title Long to Longitude and that fixed it.. – RonYamin 2014-11-08 20:49:32
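
An added example (not code from the question or the answer) that generalizes the answer's two fixes: every identifier is bracketed, so reserved words such as Long parse as column names, and values travel only as positional parameters. The helper names `Quote` and `Build` and the sample row are assumptions; it needs the System.Data.OleDb provider but opens no connection.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;
using System.Linq;

static class ObserverInsert
{
    // Bracket an identifier so Access reserved words (Long, ...) are read as names.
    // Identifiers must be constants from the code, never user input; brackets are rejected.
    static string Quote(string name)
    {
        if (string.IsNullOrEmpty(name) || name.IndexOfAny(new[] { '[', ']' }) >= 0)
            throw new ArgumentException("invalid identifier", nameof(name));
        return "[" + name + "]";
    }

    // Build an INSERT whose text contains only identifiers and ? placeholders.
    public static OleDbCommand Build(OleDbConnection con, string table,
                                     IList<KeyValuePair<string, object>> row)
    {
        var cmd = new OleDbCommand { Connection = con };
        cmd.CommandText = string.Format("INSERT INTO {0} ({1}) VALUES ({2})",
            Quote(table),
            string.Join(", ", row.Select(c => Quote(c.Key))),
            string.Join(", ", row.Select(c => "?")));
        // OleDb ignores parameter names and binds in the order added,
        // so parameters are added in the same order as the column list.
        foreach (var c in row)
            cmd.Parameters.AddWithValue("@" + c.Key, c.Value ?? DBNull.Value);
        return cmd;
    }

    static void Main()
    {
        // Constructed sample row; the ID contains a single quote, which would
        // unbalance the quoting of the string.Format version of the statement.
        var row = new List<KeyValuePair<string, object>>
        {
            new KeyValuePair<string, object>("ID_Ob", "obs'3"),
            new KeyValuePair<string, object>("Lat", 31.4),
            new KeyValuePair<string, object>("Long", 34.0),
            new KeyValuePair<string, object>("Azimuth", 150.0),
        };
        using (var cmd = Build(null, "ShowTableObserver", row))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (OleDbParameter p in cmd.Parameters)
                Console.WriteLine("{0} = {1} ({2})", p.ParameterName, p.Value, p.OleDbType);
        }
    }
}
```

Passing the numeric columns as `double` lets the provider infer a numeric parameter type, so no quoting or culture-dependent number formatting ever reaches the SQL text.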