inserting textbox values into database

陌清茗 2020-12-16 07:57

I'm a newbie here and would like some advice on C# programming.

I would like to store values from a textbox into a database. So far, I have the following:

6 answers
  •  暗喜 (OP)
    2020-12-16 08:10

    First, your code is ripe for SQL Injection attacks - you really should be using parameterized queries.

    Also, if you use parameters, you can have some type safety and the values will be translated correctly to SQL Server.

    It is difficult to tell what is wrong here, since the values you are concatenating are unknown to us (for instance, what does bidDueDate look like? What does thisQuery look like before you execute it?).

    I would normally write this as a stored procedure taking the parameters you need for inserting a record; in my C#, I would create the command object and add the correct parameters (and types) to it.

    See the example on this MSDN page (SqlCommand.Parameters).
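
A typed, parameterized insert of the kind the answer above recommends, as an added example that is not part of the original thread. The `Bids` table, its columns, and the method names are assumptions; only `bidDueDate` comes from the answer.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class BidInsert
{
    // Assumed schema: Bids(ProjectName NVARCHAR(100), BidAmount DECIMAL(18,2), BidDueDate DATE).
    const string Sql =
        "INSERT INTO Bids (ProjectName, BidAmount, BidDueDate) " +
        "VALUES (@ProjectName, @BidAmount, @BidDueDate)";

    // Converts raw textbox strings into typed parameters; the SQL text itself never changes.
    public static SqlCommand Build(string projectName, string bidAmount, string bidDueDate)
    {
        if (!decimal.TryParse(bidAmount, NumberStyles.Number, CultureInfo.InvariantCulture, out var amount))
            throw new FormatException("Bid amount is not a number.");
        if (!DateTime.TryParseExact(bidDueDate, "yyyy-MM-dd", CultureInfo.InvariantCulture,
                                    DateTimeStyles.None, out var due))
            throw new FormatException("Bid due date must be yyyy-MM-dd.");

        var cmd = new SqlCommand(Sql);
        cmd.Parameters.Add("@ProjectName", SqlDbType.NVarChar, 100).Value = projectName;
        var amountParam = cmd.Parameters.Add("@BidAmount", SqlDbType.Decimal);
        amountParam.Precision = 18; amountParam.Scale = 2; amountParam.Value = amount;
        cmd.Parameters.Add("@BidDueDate", SqlDbType.Date).Value = due;
        return cmd;
    }

    // Executes the prepared command; the connection string is supplied by the caller.
    public static void Save(string connectionString, SqlCommand cmd)
    {
        using (var conn = new SqlConnection(connectionString))
        using (cmd)
        {
            cmd.Connection = conn;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed input: the apostrophe would break a concatenated query string.
        var cmd = Build("O'Brien & Sons", "1250.50", "2021-01-15");
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine($"{p.ParameterName} ({p.SqlDbType}) = {p.Value}");
    }
}
```

`Main` only builds and prints the command, so it runs without a database; calling `Save` requires a reachable SQL Server and the assumed table.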
