如何在c#中从Datatable动态构建插入命令
我在使用c#中的dataTable对象动态创建SQL插入语句时遇到了一些问题。 我想知道制作它的最佳实践。这是我的代码片段,我到目前为止已尝试过。
String sqlCommandInsert = "INSERT INTO dbo.RAW_DATA("; String sqlCommandValue = ""; foreach (DataColumn dataColumn in dataTable.Columns) { sqlCommandInsert += dataColumn + ","; } sqlCommandInsert += sqlCommandInsert.TrimEnd(','); sqlCommandInsert += ") VALUE("; for (int i = 0; i < dataTable.Rows.Count; i++) { sqlCommandValue += "'" + dataTable.Rows[i].ItemArray[i] + "',"; } var insertCommand = sqlCommandInsert; sqlCommandValue = sqlCommandValue.TrimEnd(','); var command = insertCommand + sqlCommandValue + ")"; dataContext.Database.ExecuteSqlCommand(command); 任何建议将不胜感激:)问候。
使用VALUES而不是VALUE 。 除此之外,你应该总是使用sql参数:
string columns = string.Join("," , dataTable.Columns.Cast().Select(c => c.ColumnName)); string values = string.Join("," , dataTable.Columns.Cast ().Select(c => string.Format("@{0}", c.ColumnName))); String sqlCommandInsert = string.Format("INSERT INTO dbo.RAW_DATA({0}) VALUES ({1})" , columns, values); using(var con = new SqlConnection("ConnectionString")) using (var cmd = new SqlCommand(sqlCommandInsert, con)) { con.Open(); foreach (DataRow row in dataTable.Rows) { cmd.Parameters.Clear(); foreach (DataColumn col in dataTable.Columns) cmd.Parameters.AddWithValue("@" + col.ColumnName, row[col]); int inserted = cmd.ExecuteNonQuery(); } }
## Dynamic Update Query from Datatable with Npgsql## public string UpdateExecute(DataTable dataTable, string TableName) { NpgsqlCommand cmd = null; string Result = String.Empty; try { if (dataTable.Columns.Contains("skinData")) dataTable.Columns.Remove("skinData"); string columns = string.Join(",", dataTable.Columns.Cast().Select(c => c.ColumnName)); string values = string.Join(",", dataTable.Columns.Cast ().Select(c => string.Format("@{0}", c.ColumnName))); StringBuilder sqlCommandInsert = new StringBuilder(); sqlCommandInsert.Append("Update " + TableName + " Set "); string[] TabCol = columns.Split(','); string[] TabVal = values.Split(','); for (int i = 0; i < TabCol.Length; i++) { for (int j = 0; j < TabVal.Length; j++) { sqlCommandInsert.Append(TabCol[i] +" = "+ TabVal[i] + ","); break; } } string NpgsqlCommandUpdate= sqlCommandInsert.ToString().TrimEnd(','); NpgsqlCommandUpdate += (" where " + TabCol[0] + "=" + TabVal[0]); using (var con = new NpgsqlConnection("Server=localhost;Port=5432;uid=uapp;pwd=Password;database=Test;")) { con.Open(); foreach (DataRow row in dataTable.Rows) { cmd = new NpgsqlCommand(NpgsqlCommandUpdate.ToString(), con); cmd.Parameters.Clear(); foreach (DataColumn col in dataTable.Columns) cmd.Parameters.AddWithValue("@" + col.ColumnName, row[col]); Result = cmd.ExecuteNonQuery().ToString(); } } } catch (Exception) { Result = "-1"; } return Result; }