using parameters inserting data into access database

前端未结

关注

 4  1260

无人及你 2020-11-22 11:04

I have the following method to inserting data into a an access databasewhich works fine but I do get a problem if I try to insert text that contains single quotes I have lea

4条回答

滥情空心 (楼主)

2020-11-22 11:18

You have to use Parameter to insert Values. Its is allso a security Issue. If you do it like that a sql injection could by made.

Try like this:

string ConnString = Utils.GetConnString();
string SqlString = "Insert Into Contacts (FirstName, LastName) Values (?,?)";
using (OleDbConnection conn = new OleDbConnection(ConnString))
{
  using (OleDbCommand cmd = new OleDbCommand(SqlString, conn))
  {
    cmd.CommandType = CommandType.Text;
    cmd.Parameters.AddWithValue("FirstName", txtFirstName.Text);
    cmd.Parameters.AddWithValue("LastName", txtLastName.Text);
    conn.Open();
    cmd.ExecuteNonQuery();
  }
}

0 讨论(0)

查看其它4个回答