1. 首頁
  2. 問答
  3. 在數據庫中存儲'Sql查詢文本'

在數據庫中存儲'Sql查詢文本'

2013-12-23 44 views
1

我想將sql查詢存儲在數據庫表列中。我想要做動態控件和動態數據源。當我把查詢放入文本框並執行它給我一個錯誤Input string was not in a correct format.下面是我的代碼。在數據庫中存儲'Sql查詢文本'

thisCommand.CommandText = "Update Allowance_FormFields set LabelName='" + 
    controlText + "', ControlTypeId=" + 
    Convert.ToInt32(ddlControlTypes.SelectedValue) + ", ControlOrder=" + 
    txtControlOrder.Text + ", ControlDataSize=" + 
    Convert.ToInt32(ddlControlDataLength.SelectedValue) + "," + 
    "ControlData='" + txtControlData.Text + "', AllowanceId=" + 
    Convert.ToInt32(ddlAllowances.SelectedValue) +     
    "VisibleTo=" + Convert.ToInt32(ddlVisibleTo.SelectedValue) + 
    " Where FormFieldId=" + hdnFormControlId.Value + "";

我在txtControlData.Text中使用查詢select top 2 employeeid,firstname from employees。如何使用它。

來源

2013-12-23 Rajaram Shelar

+0

向我們展示thisCommand.CommandText在設置後的值。它可能是其中一個值不是Int? –

+0

不,它甚至沒有評估表達。執行此表達式時發生錯誤。 –

回答

3

問題:你缺少ConversionControlOrder列,所以列ControlOrder將被視爲String和檢查周圍single quotes和他們缺少它會抱怨。

解決方案:如果列ControlOrderINT類型plese在您爲其他列執行轉換。

試試這個:但我不建議這

thisCommand.CommandText = "Update Allowance_FormFields set LabelName='" + 
      controlText + "',ControlTypeId=" + Convert.ToInt32(ddlControlTypes.SelectedValue) + ",ControlOrder=" + Convert.ToInt32(txtControlOrder.Text) +",ControlDataSize=" + Convert.ToInt32(ddlControlDataLength.SelectedValue) + "," + 
      "ControlData='" + txtControlData.Text + "',AllowanceId=" + Convert.ToInt32(ddlAllowances.SelectedValue) + 
      "VisibleTo=" + Convert.ToInt32(ddlVisibleTo.SelectedValue) +" Where FormFieldId=" + hdnFormControlId.Value + "";

建議:查詢是開放的SQL injection attacks,我會強烈建議您使用parameterised sql queries避免。

注意:如果您使用parameterised SQL queries您可以忽略轉換,因爲這些參數將隱式發送所需的類型。

試試這個:使用parameterised SQL queries

thisCommand.CommandText=thisCommand.CommandText = "Update Allowance_FormFields set [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected]    Where [email protected]"; 
thisCommand.Parameters.AddWithValue("@LabelName",controlText); 
thisCommand.Parameters.AddWithValue("@ControlTypeId",ddlControlTypes.SelectedValue); 
thisCommand.Parameters.AddWithValue("@ControlOrder",txtControlOrder.Text); 
thisCommand.Parameters.AddWithValue("@ControlDataSize",ddlControlDataLength.SelectedValue); 
thisCommand.Parameters.AddWithValue("@ControlData",txtControlData.Text); 
thisCommand.Parameters.AddWithValue("@AllowanceId",ddlAllowances.SelectedValue); 
thisCommand.Parameters.AddWithValue("@VisibleTo",ddlVisibleTo.SelectedValue); 
thisCommand.Parameters.AddWithValue("@FormFieldId",hdnFormControlId.Value);

來源

2013-12-23 04:26:46

+0

但我的controlOrder列的int數據類型爲 –

+1

,那麼你需要將列'ControlOrder'轉換爲'INT'請參閱我編輯的答案 –

+0

感謝Sudhakar,參數化SQL查詢適合我。 –

0

這部分可能是問題(圍繞價值沒有引號):

ControlOrder=" + txtControlOrder.Text

我建議你寫了整個事情了,代樣本所有TextBox值的值等。您也可能會遇到其他錯別字。

來源

2013-12-23 04:27:32

0

有一次,答案真的是:參數化你的命令字符串。無論如何,你應該這樣做,但它會讓你更容易找到你在命令字符串中犯了錯誤的地方,比如忽略引號。

來源

2013-12-23 04:27:59 TJennings

0 
A few pointers : 
1) Why dont you use stored procedures to perform these kind of operations 
2) The answer proposed by Sudhakar is a good option. 
3) In case, if you still want to use the your original method to update database, then make sure the entire commandtext value is of string data type. I see that there is a combination of string and integer values. 
4) You may use apostrophe to bifurcate the values. It is easier to keep track of the string. 
5) You may use string builder to create the entire commandtext string.

來源

2013-12-23 04:45:15 Krishna

相關問題

 相關問題