可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
Many posts about Parameters in SQL with C# but I am still missing something. I am not getting an error message but no data is inserted. What is missing? I have text boxes named fname, lname, address, city, state and zip.
private void enter_button_Click(object sender, EventArgs e)
{
string first, last, addy, city1, stat, zippy;
first = fname.Text;
SqlParameter firstparam;
firstparam = new SqlParameter();
firstparam.ParameterName = "@first";
firstparam.Value = first;
last = lname.Text;
SqlParameter lastparam;
lastparam = new SqlParameter();
lastparam.ParameterName = "@last";
lastparam.Value = last;
addy = address.Text;
SqlParameter addressparam;
addressparam = new SqlParameter();
addressparam.ParameterName = "@addy";
addressparam.Value = addy;
city1 = city.Text;
SqlParameter cityparam;
cityparam = new SqlParameter();
cityparam.ParameterName = "@city1";
cityparam.Value = city1;
stat = state.Text;
SqlParameter stateparam;
stateparam = new SqlParameter();
stateparam.ParameterName = "@stat";
stateparam.Value = stat;
zippy = zip.Text;
SqlParameter zipparam;
zipparam = new SqlParameter();
zipparam.ParameterName = "@zippy";
zipparam.Value = zippy;
try
{
Validate(fname);
Validate(lname);
Validate(city);
Validate(state);
}
catch (Exception ex)
{
throw new Exception(ex.ToString(), ex);
}
try
{
exValidate(address);
}
catch (Exception ex1)
{
throw new Exception(ex1.ToString(), ex1);
}
try
{
numValidate(zip);
}
catch (Exception ex2)
{
throw new Exception(ex2.ToString(), ex2);
}
string connection = "Data Source=TX-MANAGER;Initial Catalog=Contacts;Integrated Security=True";
var sqlstring = string.Format("INSERT INTO Contacts ([First] ,[Last] ,[Address] ,[City] ,[State],[ZIP]) VALUES {0}, {1}, {2}, {3}, {4}, {5})", @first, @last, @addy, @city1, @stat, @zippy);
SqlConnection conn = new SqlConnection(connection);
SqlCommand comm = new SqlCommand();
comm.CommandText = sqlstring;
try
{
conn.Open();
//SqlTransaction trans = conn.BeginTransaction();
//comm.Transaction = trans;
comm.Parameters.Add("@first", SqlDbType.Text);
comm.Parameters.Add("@last", SqlDbType.Text);
comm.Parameters.Add("@addy", SqlDbType.Text);
comm.Parameters.Add("@city1", SqlDbType.Text);
comm.Parameters.Add("@stat", SqlDbType.Text);
comm.Parameters.Add("@zippy", SqlDbType.SmallInt);
}
catch (Exception commex)
{
throw new Exception(commex.ToString(), commex);
}
conn.Close();
}
So I changed to this and still nothing happens.
string connection = "Data Source=TX-MANAGER;Initial Catalog=Contacts;Integrated Security=True";
var sqlstring = string.Format("INSERT INTO Contacts ([First] ,[Last] ,[Address] ,[City] ,[State],[ZIP]) VALUES {0}, {1}, {2}, {3}, {4}, {5})", @first, @last, @addy, @city1, @stat, @zippy);
SqlConnection conn = new SqlConnection(connection);
SqlCommand comm = conn.CreateCommand();
comm.CommandText = sqlstring;
try
{
conn.Open();
//SqlTransaction trans = conn.BeginTransaction();
//comm.Transaction = trans;
comm.Parameters.AddWithValue("@first", first);
comm.Parameters.AddWithValue("@last", last);
comm.Parameters.AddWithValue("@addy", addy);
comm.Parameters.AddWithValue("@city1", city1);
comm.Parameters.AddWithValue("@stat", stat);
comm.Parameters.AddWithValue("@zippy", zippy);
comm.ExecuteNonQuery();
回答1:
You forgot to execute the command ;)
EDIT: you also didn't use the parameters that you created at the beginning of the method.
...
try
{
conn.Open();
//SqlTransaction trans = conn.BeginTransaction();
//comm.Transaction = trans;
comm.Parameters.Add(firstparam);
comm.Parameters.Add(lastparam);
comm.Parameters.Add(addressparam);
comm.Parameters.Add(cityparam);
comm.Parameters.Add(stateparam);
comm.Parameters.Add(zipparam);
// This is what you forgot:
comm.ExecuteNonQuery();
}
...
BTW, don't do things like that:
catch (Exception ex1)
{
throw new Exception(ex1.ToString(), ex1);
}
It's useless, it just adds a new level of exception without adding anything useful. Just let the exception bubble up the stack until it reaches a catch block that actually does something useful.
回答2:
The key issues in the provided sample are:
- The definition of the
sqlstring should have the parameter definitions in the string
- The Call Stack is being reset when the error is thrown by creating a new error object
- The
SqlConnection and SqlCommand object are not begin disposed correctly (for example, the conn.Close() call is not part of the Finally section of the exception handler.
- The
Value of the SqlParameters are not being set
- The
Execute xx method on the SqlCommand object is not begin called
- String Values are stored in a
varchar type, not Text. Text is the deprecated SQL Server datatype to store blob.
I would Refactor the code as follows:
private void enter_button_Click(object sender, EventArgs e)
{
var first = fname.Text;
var last = lname.Text;
var addy = address.Text;
var city1 = city.Text;
var stat = state.Text;
var zippy = zip.Text;
Validate(fname);
Validate(lname);
Validate(city);
Validate(state);
exValidate(address);
numValidate(zip);
using (var conn = new SqlConnection("Data Source=TX-MANAGER;Initial Catalog=Contacts;Integrated Security=True"))
using (var cmd = new SqlCommand(@"INSERT INTO Contacts ([First], [Last], [Address], [City], [State], [ZIP]) VALUES (@first, @last, @addy, @city1, @stat, @zippy)", conn))
{
cmd.Parameters.AddRange(
new[]
{
new SqlParameter(@"first", SqlDbType.VarChar).Value = first,
new SqlParameter(@"last", SqlDbType.VarChar).Value = last,
new SqlParameter(@"addy", SqlDbType.VarChar).Value = addy,
new SqlParameter(@"city1", SqlDbType.VarChar).Value = city1,
new SqlParameter(@"state", SqlDbType.VarChar).Value = stat,
new SqlParameter(@"zippy", SqlDbType.SmallInt).Value = zippy
});
conn.Open();
cmd.ExecuteNonQuery();
}
}
Note: I prefer supplying the datatype of parameters since SqlCE does not always work correctly when no type is supplied.
回答3:
This will be much shorter:
using (SqlConnection connection = new SqlConnection(connectionString))
using (SqlCommand command = connection.CreateCommand())
{
command.CommandText = "INSERT INTO Contacts ([First], [Last], [Address], [City], [State], [ZIP]) VALUES (@first, @last, @address, @city, @state, @zip)";
command.Parameters.AddWithValue("@first", first);
// or
// command.Parameters.Add("@first", SqlDbType.Type).Value = first;
// ...
connection.Open();
command.ExecuteNonQuery();
}
But first of all here's what you missed:
comm.Parameters.Add(firstparam);
// instead of
// comm.Parameters.Add("@first", SqlDbType.Text);
and
command.ExecuteNonQuery();
回答4:
There are many ways of going about it. One of the ways is to replace the lines in the try block with:
comm.Parameters.AddWithValue("@first", first);
comm.Parameters.AddWithValue("@last", last);
comm.Parameters.AddWithValue("@addy", addy);
comm.Parameters.AddWithValue("@city1", city1);
comm.Parameters.AddWithValue("@stat", stat);
comm.Parameters.AddWithValue("@zippy", zippy);
If you do that, you dont need all the SqlParameter initializations
And you obviously need to execute the command:
comm.ExecuteNonQuery();
回答5:
Firstly you are not executing the command, you'll need to call comm.ExecuteNonQuery();, secondly your SQL string will be wrong. This line:
var sqlstring = string.Format("INSERT INTO Contacts ([First] ,[Last] ,[Address] ,[City],
[State],[ZIP]) VALUES {0}, {1}, {2}, {3}, {4}, {5})", @first, @last, @addy, @city1,
@stat, @zippy)
Can just be:
var sqlstring = "INSERT INTO Contacts ([First] ,[Last] ,[Address] ,[City] ,[State],[ZIP])
VALUES (@first, @last, @addy, @city1, @stat, @zippy)";
Thridly you are not actually adding your parameters to your command. You create a parameter like so:
SqlParameter zipparam;
zipparam = new SqlParameter();
zipparam.ParameterName = "@zippy";
zipparam.Value = zippy;
But you are adding this:
comm.Parameters.Add("@zippy", SqlDbType.SmallInt);
with no reference to zipparam. This means that the value zippy is never actually added to the command. You could do this all in one line using:
comm.Parameters.Add(new SqlParameter(@Zippy, SqlDbType.SmallInt)).Value = zippy;
