Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
270 views
in Technique[技术] by (71.8m points)

c# - Parameterize SQL query

Many posts about Parameters in SQL with C# but I am still missing something. I am not getting an error message but no data is inserted. What is missing? I have text boxes named fname, lname, address, city, state and zip.

 private void enter_button_Click(object sender, EventArgs e)
 {
    string first, last, addy, city1, stat, zippy;
    first = fname.Text; 
    SqlParameter firstparam;
    firstparam = new SqlParameter();
    firstparam.ParameterName = "@first";
    firstparam.Value = first;
    last = lname.Text;
    SqlParameter lastparam;
    lastparam = new SqlParameter();
    lastparam.ParameterName = "@last";
    lastparam.Value = last;
    addy = address.Text;
    SqlParameter addressparam;
    addressparam = new SqlParameter();
    addressparam.ParameterName = "@addy";
    addressparam.Value = addy;
    city1 = city.Text;
    SqlParameter cityparam;
    cityparam = new SqlParameter();
    cityparam.ParameterName = "@city1";
    cityparam.Value = city1;
    stat = state.Text;
    SqlParameter stateparam;
    stateparam = new SqlParameter();
    stateparam.ParameterName = "@stat";
    stateparam.Value = stat;
    zippy = zip.Text;
    SqlParameter zipparam;
    zipparam = new SqlParameter();
    zipparam.ParameterName = "@zippy";
    zipparam.Value = zippy;

    try
    {
        Validate(fname);
        Validate(lname);
        Validate(city);
        Validate(state);
    }
    catch (Exception ex)
    {
        throw new Exception(ex.ToString(), ex);
    }

    try
    {
        exValidate(address);
    }
    catch (Exception ex1)
    {
        throw new Exception(ex1.ToString(), ex1);
    }

    try
    {
        numValidate(zip);
    }
    catch (Exception ex2)
    {
        throw new Exception(ex2.ToString(), ex2);
    }


    string connection = "Data Source=TX-MANAGER;Initial Catalog=Contacts;Integrated Security=True";
    var sqlstring = string.Format("INSERT INTO Contacts ([First] ,[Last] ,[Address] ,[City] ,[State],[ZIP]) VALUES {0}, {1}, {2}, {3}, {4}, {5})", @first, @last, @addy, @city1, @stat, @zippy);
    SqlConnection conn = new SqlConnection(connection);
    SqlCommand comm = new SqlCommand();
    comm.CommandText = sqlstring;
    try
    {
        conn.Open();
        //SqlTransaction trans = conn.BeginTransaction();
        //comm.Transaction = trans;
        comm.Parameters.Add("@first", SqlDbType.Text);
        comm.Parameters.Add("@last", SqlDbType.Text);
        comm.Parameters.Add("@addy", SqlDbType.Text);
        comm.Parameters.Add("@city1", SqlDbType.Text);
        comm.Parameters.Add("@stat", SqlDbType.Text);
        comm.Parameters.Add("@zippy", SqlDbType.SmallInt);
    }
    catch (Exception commex)
    {
        throw new Exception(commex.ToString(), commex);
    }
    conn.Close();
}

So I changed to this and still nothing happens.

     string connection = "Data Source=TX-MANAGER;Initial Catalog=Contacts;Integrated Security=True";
        var sqlstring = string.Format("INSERT INTO Contacts ([First] ,[Last] ,[Address] ,[City] ,[State],[ZIP]) VALUES {0}, {1}, {2}, {3}, {4}, {5})", @first, @last, @addy, @city1, @stat, @zippy);
        SqlConnection conn = new SqlConnection(connection);
        SqlCommand comm = conn.CreateCommand();
        comm.CommandText = sqlstring;
        try
        {
            conn.Open();
            //SqlTransaction trans = conn.BeginTransaction();
            //comm.Transaction = trans;
            comm.Parameters.AddWithValue("@first", first);
            comm.Parameters.AddWithValue("@last", last);
            comm.Parameters.AddWithValue("@addy", addy);
            comm.Parameters.AddWithValue("@city1", city1);
            comm.Parameters.AddWithValue("@stat", stat);
            comm.Parameters.AddWithValue("@zippy", zippy);
            comm.ExecuteNonQuery();
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You forgot to execute the command ;)

EDIT: you also didn't use the parameters that you created at the beginning of the method.

    ...
    try
    {
        conn.Open();
        //SqlTransaction trans = conn.BeginTransaction();
        //comm.Transaction = trans;
        comm.Parameters.Add(firstparam);
        comm.Parameters.Add(lastparam);
        comm.Parameters.Add(addressparam);
        comm.Parameters.Add(cityparam);
        comm.Parameters.Add(stateparam);
        comm.Parameters.Add(zipparam);

        // This is what you forgot:
        comm.ExecuteNonQuery();
    }
    ...

BTW, don't do things like that:

    catch (Exception ex1)
    {
        throw new Exception(ex1.ToString(), ex1);
    }

It's useless, it just adds a new level of exception without adding anything useful. Just let the exception bubble up the stack until it reaches a catch block that actually does something useful.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...