Preventing escaping apostrophes with parameter query not working
  • Time: 2011-11-22 21:01:33
  • Tags:
  • sql
  • vb.net

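I am trying to avoid having to escape apostrophes in my variables by using a parameterized query with a SqlConnection. Any help would be appreciated.

UPDATED: this is the current code...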

  ' Populate Connection Object
  Dim oCnn As New SqlConnection(strConnection)

  ' Define our sql query
  Dim sSQL As String = "INSERT INTO [" & foreignTable & "] (data_text) VALUES (@data_text) ; "

  ' Populate Command Object
  Dim oCmd As New SqlCommand(sSQL, oCnn)

  ' Add up the parameter, associated it with its value
  oCmd.Parameters.AddWithValue("@data_text", data_text)

  ' Opening Connection for our DB operation
  oCnn.Open()

  Try
      Dim results As Integer = oCmd.ExecuteScalar
  Catch ex As Exception
      LabelImport.Text &= "<font color=red>ROOT Import ERROR: " & ex.ToString & ", From Database: " & dbName & ", Text String: " & data_text & "</font><br />"
      Throw
  End Try

  oCnn.Close()
  oCmd.Parameters.Clear()

Thanks for any help.

Best answer

Yeah, that's not correct.

It should look like this:

Dim sSQL As String = "INSERT INTO [" & foreignTable & "] (data_text) VALUES (@data_text);" 

And the parameter:

oCmd.Parameters.AddWithValue("@data_text", data_text) 

Note: I don't "think" you can pass the table name as a parameter. You would have to have the table name in the string. See Parametise table name in .Net/SQL?

Also, change this:

Dim results As Integer = oCmd.ExecuteScalar

to

Dim results as Integer = oCmd.ExecuteNonQuery()

Other answers

You can use table name only when creating query (I mean concatenating it from parts: "INSERT INTO " + foreignTable + " (data_text) VALUES..., AFAIK), not as query parameter. Check SqlParameterCollection.AddWithValue on MSDN for more information about SqlCommand parameters, there is very good example as well.

' Populate Connection Object
Dim oCnn As New SqlConnection(strConnection)

' Define our sql query
Dim sSQL As String = "INSERT INTO " & foreignTable & " (data_text) VALUES (@data_text);"

' Populate Command Object
Dim oCmd As New SqlCommand(sSQL, oCnn)

' Add up the parameter, associated it with its value
oCmd.Parameters.AddWithValue("@data_text", data_text)

' Opening Connection for our DB operation
oCnn.Open()

Edit:

Changed to &, because C# is my "native language".
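
Both answers point out that the table name cannot be a query parameter and has to be concatenated into the SQL text, which leaves that one piece outside the protection the parameter gives the value. As an added example (not code from the question or from either answer), one way to handle it is to check the name against an allow-list and bracket-quote it, while the value stays a typed parameter; the table names, `AllowedTables`, `QuoteIdentifier`, `BuildInsertSql`, `InsertDataText` and the NVARCHAR(MAX) column type are assumptions.

```vbnet
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

Module SafeInsertExample
    ' Hypothetical allow-list: the only tables this import may write to (constructed names).
    Private ReadOnly AllowedTables As New HashSet(Of String)(
        New String() {"import_root", "import_child"}, StringComparer.OrdinalIgnoreCase)

    ' Quote an identifier the way T-SQL QUOTENAME does: wrap in [] and double any ].
    Function QuoteIdentifier(name As String) As String
        Return "[" & name.Replace("]", "]]") & "]"
    End Function

    ' Build the INSERT text. The table name is concatenated, so it is checked first.
    Function BuildInsertSql(foreignTable As String) As String
        If foreignTable Is Nothing OrElse Not AllowedTables.Contains(foreignTable) Then
            Throw New ArgumentException("Table is not on the allow-list.", "foreignTable")
        End If
        Return "INSERT INTO " & QuoteIdentifier(foreignTable) & " (data_text) VALUES (@data_text);"
    End Function

    ' Returns the number of rows inserted.
    Function InsertDataText(strConnection As String, foreignTable As String, data_text As String) As Integer
        Using oCnn As New SqlConnection(strConnection)
            Using oCmd As New SqlCommand(BuildInsertSql(foreignTable), oCnn)
                ' Assumed column type NVARCHAR(MAX) (size -1). The value travels as data,
                ' so an apostrophe in it needs no escaping; Nothing is sent as NULL.
                oCmd.Parameters.Add("@data_text", SqlDbType.NVarChar, -1).Value =
                    If(CObj(data_text), CObj(DBNull.Value))
                oCnn.Open()
                Return oCmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        Console.WriteLine(BuildInsertSql("import_root"))
        Console.WriteLine(QuoteIdentifier("odd]name"))   ' constructed sample name
        Try
            BuildInsertSql("not_listed")
        Catch ex As ArgumentException
            Console.WriteLine("Rejected: " & ex.Message)
        End Try
    End Sub
End Module
```

`Main` only exercises the string-building helpers, so it runs without a database; `InsertDataText` needs a real connection string.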
