分享程序员开发的那些事...
更新时间:2023-11-15 08:40:34
的这就是连接首先,我所看到的字符串连接导致要查询的一部分的
Thats the first place where I have seen string concatenation causing conn to be part of query.
您错位字符串引号,你的说法应该是:
You misplaced string quotes, your statement should be:
SqlCommand cmd =
new SqlCommand("Insert into NOTESMAKER(NOTESMAKER) Values('" + NotesMaker + "'",con);
在你目前的code,你通过字符串INSERT INTO NOTESMAKER(NOTESMAKER)VALUES('+ NotesMaker +',CON),因此,连接属性没有初始化,因此例外。
In your current code, you are passing string "Insert into NOTESMAKER(NOTESMAKER) Values('"+NotesMaker+"',con)", hence the connection property is not initialized and hence the exception.
您不应该使用字符串连接创建查询,而是使用参数。这将节省您从 SQL注入。这样的:
You should never use string concatenation for creating queries, instead use Parameters. This will save you from SQL Injection. Like:
using(SqlConnection con = new SqlConnection("connectionstring"))
using(SqlCommand cmd = new SqlCommand("Insert into NOTESMAKER(NOTESMAKER) Values(@NotesMaker)",con))
{
cmd.Parameters.AddWithValue("@NotesMaker", NotesMaker);
con.Open();
cmd.ExecuteNonQuery();
}