数字类型的不要写单引号
最好用带参数的SQL语句StringBuilder sql = new StringBuilder("INSERT INTO [dbo].[OperateLog]");
sql.Append("([UserId],[OperateName],[ObjectId],[OperateDesc],[OperateTime]) ");
sql.Append("VALUES (@UserId,@OperateName,@ObjectId,@OperateDesc ,@OperateTime)");
SqlParameter[] par = new SqlParameter[]
{
new SqlParameter("@UserId",ol.User.UserId),
new SqlParameter("@OperateName",ol.OperateName),
new SqlParameter("@ObjectId",ol.ObjectId),
new SqlParameter("@OperateDesc",ol.OperateDesc),
new SqlParameter("@OperateTime",ol.OperateTime),
};
最好用带参数的SQL语句StringBuilder sql = new StringBuilder("INSERT INTO [dbo].[OperateLog]");
sql.Append("([UserId],[OperateName],[ObjectId],[OperateDesc],[OperateTime]) ");
sql.Append("VALUES (@UserId,@OperateName,@ObjectId,@OperateDesc ,@OperateTime)");
SqlParameter[] par = new SqlParameter[]
{
new SqlParameter("@UserId",ol.User.UserId),
new SqlParameter("@OperateName",ol.OperateName),
new SqlParameter("@ObjectId",ol.ObjectId),
new SqlParameter("@OperateDesc",ol.OperateDesc),
new SqlParameter("@OperateTime",ol.OperateTime),
};
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货