I have the following method that inserts data into an Access database. It works fine, but if I try to insert text that contains a single quote I run into problems, as I have learned.
```csharp
[WebMethod]
public void bookRatedAdd(string title, int rating, string review, string ISBN, string userName)
{
    OleDbConnection conn;
    conn = new OleDbConnection(@"Provider=Microsoft.Jet.OleDb.4.0;
    Data Source=" + Server.MapPath("App_Data\\BookRateInitial.mdb"));
    conn.Open();
    OleDbCommand cmd = conn.CreateCommand();
    cmd.CommandText = @"INSERT INTO bookRated([title], [rating], [review], [frnISBN], [frnUserName])VALUES('" + title + "', '" + rating + "','" + review + "','" + ISBN + "', '" + userName + "')";
    cmd.ExecuteNonQuery();
    conn.Close();
}
```
As I understand it, one way to solve the problem is to use parameters. To be honest, I don't know how to do that. How do I change the above code so that it inserts the data using parameters?
Same as with any other query:

a) Replace the hard-coded values in your OleDbCommand (http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbcommand.aspx) with placeholders (prefixed with @),

b) Add instances of OleDbParameter (http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbparameter.aspx) to the DbCommand.Parameters (http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbcommand.parameters.aspx) property. The parameter names must match the placeholder names.
```csharp
[WebMethod]
public void bookRatedAdd(string title, int rating, string review, string ISBN, string userName)
{
    using (OleDbConnection conn = new OleDbConnection(
        "Provider=Microsoft.Jet.OleDb.4.0;" +
        "Data Source=" + Server.MapPath("App_Data\\BookRateInitial.mdb")))
    {
        conn.Open();
        // DbCommand also implements IDisposable
        using (OleDbCommand cmd = conn.CreateCommand())
        {
            // create command with placeholders
            cmd.CommandText =
                "INSERT INTO bookRated " +
                "([title], [rating], [review], [frnISBN], [frnUserName]) " +
                "VALUES(@title, @rating, @review, @isbn, @username)";
            // add named parameters
            // (the OleDb provider binds parameters by position, so keep this
            // order aligned with the VALUES list)
            cmd.Parameters.AddRange(new OleDbParameter[]
            {
                new OleDbParameter("@title", title),
                new OleDbParameter("@rating", rating),
                new OleDbParameter("@review", review),
                new OleDbParameter("@isbn", ISBN),
                new OleDbParameter("@username", userName)
            });
            // execute
            cmd.ExecuteNonQuery();
        }
    }
}
```
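To make the single-quote failure from the question visible without an Access database, here is an added example (not from the question or the answer) that reproduces both inserts in Python against an in-memory SQLite table shaped like the page's bookRated table; sqlite3 and its `?` placeholders stand in for OleDb, and the sample rows are constructed.

```python
import sqlite3

# Constructed sample rows for the bookRated table. The first review contains a
# single quote, which is exactly the input that breaks the concatenated INSERT.
SAMPLE_ROWS = [
    ("C# in Depth", 5, "Great book, can't recommend it enough", "978-1617294532", "alice"),
    ("SQL Antipatterns", 4, "Solid read", "978-1934356555", "bob"),
]

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE bookRated(title TEXT, rating INTEGER, review TEXT, "
        "frnISBN TEXT, frnUserName TEXT)"
    )
    return conn

def insert_concatenated(conn, title, rating, review, isbn, user):
    """Mirror of the question's approach: values spliced into the SQL text.
    Returns True on success, or the database error message when the statement breaks."""
    sql = ("INSERT INTO bookRated(title, rating, review, frnISBN, frnUserName) "
           "VALUES('" + title + "', '" + str(rating) + "','" + review + "','"
           + isbn + "', '" + user + "')")
    try:
        conn.execute(sql)
        return True
    except sqlite3.Error as exc:
        return str(exc)

def insert_parameterized(conn, title, rating, review, isbn, user):
    """Mirror of the answer's approach: placeholders in the SQL, values bound by position."""
    conn.execute(
        "INSERT INTO bookRated(title, rating, review, frnISBN, frnUserName) "
        "VALUES(?, ?, ?, ?, ?)",
        (title, rating, review, isbn, user),
    )
    return True

def compare_approaches(rows=SAMPLE_ROWS):
    """Run every sample row through both variants and report what each database stored."""
    concat_db, param_db = open_db(), open_db()
    concat_results = [insert_concatenated(concat_db, *r) for r in rows]
    for r in rows:
        insert_parameterized(param_db, *r)
    stored_concat = concat_db.execute("SELECT COUNT(*) FROM bookRated").fetchone()[0]
    stored_param = [r[0] for r in param_db.execute(
        "SELECT review FROM bookRated ORDER BY rowid").fetchall()]
    return concat_results, stored_concat, stored_param
```

The concatenated variant loses the row whose review contains the quote (the database reports a syntax error), while the parameterized variant stores the quote verbatim because the value never becomes part of the SQL text.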