我无法使用c#插入我的数据库
尝试将数据插入数据库时出现此错误。
System.Data.dll中发生了未处理的“System.Data.SqlClient.SqlException”类型exception
附加信息:关键字“用户”附近的语法不正确。
这是代码:
if(txtRegisterSecurityAnswerOne.TextLength >0 && txtRegisterSecurityAnswerTwo.TextLength >0) { SqlConnection connection1 = new SqlConnection( Properties.Settings.Default.BlackBookDBConnectionString); System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand(); cmd.CommandType = System.Data.CommandType.Text; cmd.CommandText = "INSERT INTO User (Username, Password, SecurityQuestionOne, " + "SecurityQuestionTwo, SecurityAnswerOne, SecurityAnswerTwo); VALUES (" + txtRegisterUsername.Text + "," + txtRegisterPassword.Text + "," + lstRegisterSecurityQuestionOne.SelectedText + "," + lstRegisterSecurityQuestionTwo.SelectedItem + "," + txtRegisterSecurityAnswerOne.Text + "," + txtRegisterSecurityAnswerTwo.Text + ")"; cmd.CommandText = "INSERT INTO USer ()"; cmd.Connection = connection1; connection1.Open(); cmd.ExecuteNonQuery(); connection1.Close(); }
我编辑了我的代码。 但是由于某种原因,它仍然没有在我的数据库中插入任何内容。
if(txtRegisterSecurityAnswerOne.TextLength >0 && txtRegisterSecurityAnswerTwo.TextLength >0) { SqlConnection connection1 = new SqlConnection(Properties.Settings.Default.BlackBookDBConnectionString); string sqlquery = "INSERT INTO [User] (Username,Password,SecurityQuestionOne," + "SecurityAnswerOne,SecurityQuestionTwo,SecurityAnswerTwo) " + "VALUES (@Username,@Password,@QuestionOne,@AnswerOne,@QuestionTwo,@AnswerTwo)"; SqlCommand command = new SqlCommand(sqlquery, connection1); string userName = txtRegisterUsername.Text; command.Parameters.AddWithValue("Username", userName); string password = txtRegisterRepeatPassword.Text; command.Parameters.AddWithValue("Password", password); string questionOne = lstRegisterSecurityQuestionOne.SelectedText; command.Parameters.AddWithValue("QuestionOne", questionOne); string questionTwo = lstRegisterSecurityQuestionTwo.SelectedText; command.Parameters.AddWithValue("QuestionTwo", questionTwo); string answerOne = txtRegisterSecurityAnswerOne.SelectedText; command.Parameters.AddWithValue("AnswerOne", answerOne); string answerTwo = txtRegisterSecurityAnswerTwo.SelectedText; command.Parameters.AddWithValue("AnswerTwo", answerTwo); command.Connection = connection1; connection1.Open(); command.ExecuteNonQuery(); connection1.Close(); }
if(txtRegisterSecurityAnswerOne.TextLength >0 && txtRegisterSecurityAnswerTwo.TextLength >0) { SqlConnection connection1 = new SqlConnection(Properties.Settings.Default.BlackBookDBConnectionString); connection1.Open(); string sqlquery = "INSERT INTO [User] (Username,Password,SecurityQuestionOne," + "SecurityAnswerOne,SecurityQuestionTwo,SecurityAnswerTwo) " + "VALUES (@Username,@Password,@QuestionOne,@AnswerOne,@QuestionTwo,@AnswerTwo)"; SqlCommand command = new SqlCommand(sqlquery, connection1); string userName = txtRegisterUsername.Text; command.Parameters.Add("@Username", SqlDbType.VarChar, 200).Value = userName; string password = txtRegisterRepeatPassword.Text; command.Parameters.Add("@Password", SqlDbType.VarChar, 200).Value = password; string questionOne = lstRegisterSecurityQuestionOne.SelectedText; command.Parameters.Add("@QuestionOne", SqlDbType.VarChar, 200).Value = questionOne; string questionTwo = lstRegisterSecurityQuestionTwo.SelectedText; command.Parameters.Add("@QuestionTwo", SqlDbType.VarChar, 200).Value = questionTwo; string answerOne = txtRegisterSecurityAnswerOne.SelectedText; command.Parameters.Add("@AnswerOne", SqlDbType.VarChar, 200).Value = answerOne; string answerTwo = txtRegisterSecurityAnswerTwo.SelectedText; command.Parameters.Add("@AnswerTwo", SqlDbType.VarChar, 200).Value = answerTwo; command.ExecuteNonQuery(); connection1.Close(); }
删除此行:
cmd.CommandText = "INSERT INTO USer ()";
编辑
查看新代码后,您的参数名称错误(缺少@
)。 您应该将代码更改为:
string userName = txtRegisterUsername.Text; command.Parameters.AddWithValue("@Username", userName); string password = txtRegisterRepeatPassword.Text; command.Parameters.AddWithValue("@Password", password); string questionOne = lstRegisterSecurityQuestionOne.SelectedText; command.Parameters.AddWithValue("@QuestionOne", questionOne); string questionTwo = lstRegisterSecurityQuestionTwo.SelectedText; command.Parameters.AddWithValue("@QuestionTwo", questionTwo); string answerOne = txtRegisterSecurityAnswerOne.SelectedText; command.Parameters.AddWithValue("@AnswerOne", answerOne); string answerTwo = txtRegisterSecurityAnswerTwo.SelectedText; command.Parameters.AddWithValue("@AnswerTwo", answerTwo);
- 删除第二行分配
cmd.CommandText
– 它覆盖第一行 -
User
是SQL服务器中的关键字,如果您有一个具有该名称的表(您不应该将其括起来)放在方括号中:cmd.CommandText = "INSERT INTO [User] ...
在旁注 – 了解参数化查询 。 它们是避免SQL注入攻击的好方法(更不用说混乱的字符串连接)