1. 首頁
  2. 問答
  3. DataGrid - SQL插入查詢錯誤c#

DataGrid - SQL插入查詢錯誤c#

2014-11-08 84 views
0

我試圖添加到表訪問和數據網格行與SQL查詢。購買沒有成功。有任何想法嗎 ?感謝的 我的SQL查詢:DataGrid - SQL插入查詢錯誤c#

DataBaseIkuns.Instance.InsertToDB(string.Format(DictionaryUtilsDB.dictioneary[DictionaryUtilsDB.CommendTypes.AddObserver], o.ID_Observer, o.Lat, o.Long, o.azimuth)); 

    public static Dictionary<CommendTypes, string> dictioneary = new Dictionary<CommendTypes, string> 
     { 
      {CommendTypes.AddObserver,"Insert into ShowTableObserver(ID_Ob,Lat,Long,Azimuth)" 
      +"values('{0}','{1}','{2}','{3}')"}, 
      {CommendTypes.AzimuthLongLatFromOB,"SELECT ID_Observer,Longitude,Latitude,Azimuth FROM Observer Where ID_Observer = {0}"} 
     }; 



    public void InsertToDB(string sql) // It get the right values - 1,2,3,4 
     { 
      int insert = 0; 
      try 
      { 
       if (con.State.ToString()== "Open") 
       { 
        cmd = new OleDbCommand(); 
        oledbAdapter = new OleDbDataAdapter(); 
        dt = new DataTable(); 
        cmd.Connection = con; 
        cmd.CommandText = sql; 
        insert = cmd.ExecuteNonQuery(); // Here it jump's to the catch. why ? 

        if (insert > 0) 
        { 
         MessageBox.Show("Your Insert successed"); 
        } 
        else 
        { 
         MessageBox.Show("Your Insert failed"); 
        } 

       } 
      } 
      catch (Exception ex) 
      { 
       MessageBox.Show(ex.ToString()); 
      } 
     }

有在該方案屬於代碼中的註釋。 SQL的價值,當它落在:

Insert into ShowTableObserver(ID_Ob,Lat,Long,Azimuth)values('3','31.4','34','150')

來源

2014-11-08 RonYamin

+0

當異常被引發時,你可以給我們'sql'的值嗎? – grovesNL 2014-11-08 20:16:36

+0

是的我編輯問題看一看 – RonYamin 2014-11-08 20:26:53

+0

這將是最重要的知道確切的錯誤消息顯示在catch塊。 – Steve 2014-11-08 20:31:37

回答

0

如果使用OLEDB提供後面的Access數據庫,那麼你有龍字的問題。它是一個保留關鍵字(可能在許多其他數據庫系統中是相同的)。在這種情況下,您需要將字段名稱封裝在方括號中

{CommendTypes.AddObserver,"Insert into ShowTableObserver(ID_Ob,Lat,[Long],Azimuth)"

表示您需要開始使用參數化查詢。你的String.format是另一種字符串連接,導致SQL注入,分析問題和微妙的語法錯誤時,你在你的查詢字符串

例如錯過任何一個單引號或其它類型說明符

public static Dictionary<CommendTypes, string> dictioneary = new Dictionary<CommendTypes, string> 
{ 
    {CommendTypes.AddObserver,"Insert into ShowTableObserver(ID_Ob,Lat,Long,Azimuth)" 
           +"values(?,?,?,?)"}, 
    {CommendTypes.AzimuthLongLatFromOB,"SELECT ID_Observer,Longitude,Latitude,Azimuth " 
           +"FROM Observer Where ID_Observer = ?"} 
}; 


public void InsertToDB(string sql, List<OleDbParameter> parameters) 
{ 
    int insert = 0; 
    try 
    { 
     if (con.State.ToString()== "Open") 
     { 
      using(cmd = new OleDbCommand()); 
      { 
       cmd.Connection = con; 
       cmd.CommandText = sql; 
       cmd.Parameters.AddRange(parameters.ToArray()); 
       insert = cmd.ExecuteNonQuery(); 
      } 
      ........ 
     } 
    } 
    ...... 
}

現在當你打電話給你寫的InsertDB時

DataBaseIkuns.Instance.InsertToDB(string.Format(DictionaryUtilsDB.dictioneary [DictionaryUtilsDB.CommendTypes.AddObserver],,o.Lat,o.Long,o.azimuth));

List<OleDbParameter> parameters = new List<OleDbParameter>(); 
parameters.Add(new OleDbParameter()) 
{ 
     ParameterName = "@p1", OleDbType= OleDbType.VarWChar, Value = o.ID_Observer 
} 
parameters.Add(new OleDbParameter()) 
{ 
     ParameterName = "@p2", OleDbType= OleDbType.VarWChar, Value = o.Lat 
} 
parameters.Add(new OleDbParameter()) 
{ 
     ParameterName = "@p3", OleDbType= OleDbType.VarWChar, Value = o.Long 
} 
parameters.Add(new OleDbParameter()) 
{ 
     ParameterName = "@p4", OleDbType= OleDbType.VarWChar, Value = o.Azimuth 
} 
DataBaseIkuns.Instance.InsertToDB(
    DictionaryUtilsDB.dictioneary[DictionaryUtilsDB.CommendTypes.AddObserver], parameters);

來源

2014-11-08 20:36:49 Steve

+0

。謝謝:) – RonYamin 2014-11-08 20:49:01

+0

我只是改變標題長到經度和它固定.. – RonYamin 2014-11-08 20:49:32

相關問題

 相關問題