用 Parameters 啊 Dim strSQL As String = "INSERT xx (xx) VALUES (@lx)" Dim cmd As New SqlCommand(strSQL, myConnection) With cmd.Parameters .Add("@lx", SqlDbType.NChar).Value = TextBoxhtlb.Text End With
aaa=Replace(aaa, "'", "'") aaa=Replace(aaa, """", """)CREATE PROCEDURE testin AS INSERT INTO test(aaa) VALUES ('"&aaa&"') RETURN
I did test, it is working fine insert into aaa value ( 'ad'||''''||'cd"ef');
http://dev.csdn.net/article/47/47596.shtm
AS
INSERT INTO test(aaa) VALUES ("这里面的值该怎样写啊?")
RETURN我用的是sql server,请高手指点指点!
insert into temptable values(@cc)cc.value = @"ad'cd"ef ";
sql里面转义用的是 []
但是好像是查询时转义
Dim strSQL As String = "INSERT xx (xx) VALUES (@lx)"
Dim cmd As New SqlCommand(strSQL, myConnection)
With cmd.Parameters
.Add("@lx", SqlDbType.NChar).Value = TextBoxhtlb.Text
End With
aaa=Replace(aaa, """", """)CREATE PROCEDURE testin
AS
INSERT INTO test(aaa) VALUES ('"&aaa&"')
RETURN
insert into aaa value ( 'ad'||''''||'cd"ef');
stirng sql = "insert into xxx() values('" + mystr.Replace("'","''") + "')";
字符串中的特殊符号单引号在SQL中的处理,这都是非常基础的知识了.
双引号怎么改啊。
双引号怎么改啊。
------------------双引号在C#里面用转义符
string mystr = "ad'cd\"ef";
或者在前面加@号
string mystr = @"ad'cd"ef";
CREATE PROCEDURE testin
AS
INSERT INTO test(aaa) VALUES ('"&aaa&"')
RETURN这样就行了, " 不会影响你sql语句的
AS
INSERT INTO test(aaa) VALUES ('"& Replace(aaa, "'", "''")
&"')
RETURN
----------------
只要你能成功传递进去,没有问题
char函数将整型转为ascii字符char(39)代表’