更新时间:2023-10-19 18:18:04
试试这个
try this
string qry = "INSERT INTO [dbo].[user] (Name,Mobile,EmailId,Gender) VALUES( '" + textBox1.Text + "' , '" + textBox2.Text + "','" + textBox3.Text + "' , '" + genderText + "')";
注意:了解 SQL注入 [ ^ ]
根据以下评论更新: b $ b
Note: be aware of SQL Injection[^]
updated based on thebelow comments:
string qry = "INSERT INTO [dbo].[User] (Name,Mobile,EmailId,Gender) VALUES( @Name,@Mobile,@EmailId,@Gender)";
SqlCommand cmd = new SqlCommand(qry, con);
cmd.Parameters.AddWithValue("@Name", textBox1.Text);
cmd.Parameters.AddWithValue("@Mobile", textBox2.Text);
cmd.Parameters.AddWithValue("@EmailId", textBox3.Text);
cmd.Parameters.AddWithValue("@Gender", genderText);
cmd.ExecuteNonQuery();