【发布时间】:2018-08-11 22:41:55
【问题描述】:
我正在尝试基于 Excel 文件将数据插入到 SQL Server。一切都很好,直到客户要求我在单击单选按钮时插入列。所以,我做了一个条件,radioButtonClicked 然后插入值。问题是我得到一个异常'INSERT 语句中的列多于 VALUES 子句中指定的值。 VALUES 子句中的值数必须与 INSERT 语句中指定的列数匹配。'
如何解决这个问题,请告诉我发生这种情况的原因? 谢谢。
koneksi.Open();
string df = "SET DATEFORMAT mdy;";
SqlCommand cmd_df = new SqlCommand(df, koneksi);
cmd_df.ExecuteNonQuery();
string sql = "delete from absenTA DBCC CHECKIDENT('absenTA', RESEED, 0)";
SqlCommand cmd = new SqlCommand(sql, koneksi);
cmd.ExecuteNonQuery();
foreach (DataTable table in result.Tables)
{
foreach (DataRow dr in table.Rows)
{
string sql_insert = "";
if (metroRBOff.Checked||metroRBON.Checked) //tanggalberubah == true
{
MessageBox.Show("Tanggal Berubah");
//dr[2] = textBoxDateTimeOnOff.Text;
//Convert.ToDateTime(dr[2]);
if (metroRBON.Checked)
{
sql_insert = "insert into absenTA(id, nama, tanggal, hari, first_in, last_out,on_off) values (" +
dr[0] + "," + "'" + dr[1] + "'" + "," + "'" +
dateTimePicker + "'" + "," + "'" + dr[3] + "'" + "," + "'" +
dr[4] + "'" + "," + "'" + dr[5] + "'" + "'" + metroRBON.Text + "'" + "); ";
}
else
{
sql_insert = "insert into absenTA(id, nama, tanggal, hari, first_in, last_out,on_off) values (" +
dr[0] + "," + "'" + dr[1] + "'" + "," + "'" +
dateTimePicker + "'" + "," + "'" + dr[3] + "'" + "," + "'" +
dr[4] + "'" + "," + "'" + dr[5] + "'" + "'" + metroRBOff.Text + "'" + "); ";
}
}
else if (dr[4] == DBNull.Value && dr[5] == DBNull.Value)
{
sql_insert = "insert into absenTA(id, nama, tanggal, hari) values (" +
dr[0] + "," + "'" + dr[1] + "'" + "," + "'" +
dr[2] + "'" + "," + "'" + dr[3] + "'" + ");";
}
else if (dr[4] == DBNull.Value)
{
sql_insert = "insert into absenTA(id, nama, tanggal, hari, last_out) values (" +
dr[0] + "," + "'" + dr[1] + "'" + "," + "'" +
dr[2] + "'" + "," + "'" + dr[3] + "'"+ "," + "'"+ dr[5] + "'" + ");";
}
else if (dr[5] == DBNull.Value)
{
sql_insert = "insert into absenTA(id, nama, tanggal, hari, first_in) values (" +
dr[0] + "," + "'" + dr[1] + "'" + "," + "'" +
dr[2] + "'" + "," + "'" + dr[3] + "'" + "," + "'" + dr[4]+"'" +");";
}
else
{
sql_insert = "insert into absenTA(id, nama, tanggal, hari, first_in, last_out) values (" +
dr[0] + "," + "'" + dr[1] + "'" + "," + "'" +
dr[2] + "'" + "," + "'" + dr[3] + "'" + "," + "'" +
dr[4] + "'" + "," + "'" + dr[5] + "'" + ");";
}
SqlCommand cmd_insert = new SqlCommand(sql_insert, koneksi);
//cmd_insert.Parameters.Add("@tanggal", SqlDbType.Date).Value = dateTimePickerOnOff.Value.Date;
cmd_insert.ExecuteNonQuery();
/*absenTA addtable = new absenTA()
{
id = Convert.ToInt32(dr[0]),
nama = Convert.ToString(dr[1]),
tanggal = Convert.ToDateTime(dr[2]),
hari = Convert.ToString(dr[3]),
first_in = Convert.ToDateTime(dr[4]),
last_out = Convert.ToDateTime(dr[5])
};
conn.absenTAs.InsertOnSubmit(addtable);
}*/
}
koneksi.Close();
//conn.SubmitChanges();
MessageBox.Show("Konversi Data Sukses");
}
【问题讨论】:
-
sql_insert失败时的 exact 值是多少?此外,您应该使用参数来避免 SQL 注入(以及这些错字问题) -
使用参数。
-
如前所述,您应该永远不要像这样构建 SQL - 这是非常危险的。也没有必要逐个字符地连接值(
+","+"'"等) - 作为参数化的逐字字符串文字,它会更多更具可读性。但;找到sql_insert之后的实际值,或者告诉我们那个,或者自己仔细看看。 -
您好,感谢您的回答。我发现我的 sql 语法是拼写错误并且是安全的。但是我是 sql 新手,这个程序仅供桌面使用。
-
@Venta11 桌面用户也可能是邪恶的 :) 经常不小心...
标签: c# sql-server