【发布时间】:2018-01-20 23:42:28
【问题描述】:
我正在尝试写入数据库并收到“输入字符串格式不正确”错误。我假设它是最后两列的数据类型,但我不确定如何更改。在 SQL Server 中,它们都是 money 数据类型。代码如下:
string query = null;
for (int i = 0; i < result.Tables[0].Rows.Count; i++)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString);
query = "INSERT INTO Upload(Email, TimeStamp, EmployeeId, Name, Title, Department, Race, Gender, AnnualizedBase, AnnualizedTCC) VALUES ('"
+ System.Web.HttpContext.Current.User.Identity.GetUserId() + "', "
+ " '" + DateTime.Now + "', "
+ " '" + result.Tables[0].Rows[i][0].ToString() + "', "
+ " '" + result.Tables[0].Rows[i][1].ToString() + "', "
+ " '" + result.Tables[0].Rows[i][2].ToString() + "', "
+ " '" + result.Tables[0].Rows[i][3].ToString() + "', "
+ " '" + result.Tables[0].Rows[i][4].ToString() + "', "
+ " '" + result.Tables[0].Rows[i][5].ToString() + "', "
+ Convert.ToInt32(result.Tables[0].Rows[i][6]) + ", "
+ Convert.ToInt32(result.Tables[0].Rows[i][7])
+ ")";
con.Open();
SqlCommand cmd = new SqlCommand(query, con);
cmd.ExecuteNonQuery();
con.Close();
}
【问题讨论】:
-
请尽快查看如何编写参数化查询。您将从这些错误、这些乱七八糟的代码和 Sql 注入中解脱出来
-
感谢 cmets。如果我理解正确,我的插入查询将类似于 INSERT INTO TABLE VALUES (@email, @field2, @field3),每个字段的定义如下: var emailparam = new SqlParameter("Email", SqlDbType.文本); emailparam.Value = System.Web.HttpContext.Current.User.Identity.GetUserId(); -- 对吗?
标签: c# sql-server ado.net