public void AddTest(Models.CTM_INFORMATION model)
{
string str_Cmd = "insert into CTM_INFORMATION (CUSTOMERID,USERPWD,LOGINNAME,USERNAME,TEL,MOBILETEL,IDCARD,CARDTYPE,EMAIL,BIRTHDATE,SEX,PROVINCEID,CITYID,ADDRESS,POSTCODE,DEGREE,INCOME,JOB,POSITION,REGTIME,LOGINTIME,CID,EMAILFLAG,PWDQUESTION,PWDANSWER,ACTIVECODE)"
+"values ('0','1','2','3','4','5','6','7','8','9','10','11','12','13','14','15','16','17','18','19','20','21','22','23','24')";
string str = "insert into CTM_INFORMATION (SEQ_CTM_INFORMATION.NEXTVAL,USERPWD,LOGINNAME,USERNAME,TEL,MOBILETEL,IDCARD,CARDTYPE,EMAIL,BIRTHDATE,SEX,PROVINCEID,CITYID,ADDRESS,POSTCODE,DEGREE,INCOME,JOB,POSITION,REGTIME,LOGINTIME,CID,EMAILFLAG,PWDQUESTION,PWDANSWER,ACTIVECODE)";
str += "values(";
str += "'" + model.USERPWD + "'";
str += "'" + model.LOGINNAME + "'";
str += "'" + model.USERNAME + "'";
str += "'" + model.TEL + "'";
str += "'" + model.MOBILETEL + "'";
str += "'" + model.IDCARD + "'";
str += "'" + model.CARDTYPE + "'";
str += "'" + model.EMAIL + "'";
str += "'" + model.BIRTHDATE + "'";
str += "'" + model.SEX + "'";
str += "'" + model.PROVINCEID + "'";
str += "'" + model.CITYID + "'";
str += "'" + model.ADDRESS + "'";
str += "'" + model.POSTCODE + "'";
str += "'" + model.DEGREE + "'";
str += "'" + model.INCOME + "'";
str += "'" + model.JOB + "'";
str += "'" + model.POSITION + "'";
str += "'" + model.REGTIME + "'";
str += "'" + model.LOGINTIME + "'";
str += "'" + model.CID + "'";
str += "'" + model.EMAILFLAG + "'";
str += "'" + model.PWDQUESTION + "'";
str += "'" + model.PWDANSWER + "'";
str += "'" + model.ACTIVECODE + "')";
try
{
//DbHelperOra.ExecuteSql(strSql.ToString());写这个吗?
}
catch(Exception e)
{
Console.WriteLine(e.Message);
}
请问下
try里面怎么写啊?
{
string str_Cmd = "insert into CTM_INFORMATION (CUSTOMERID,USERPWD,LOGINNAME,USERNAME,TEL,MOBILETEL,IDCARD,CARDTYPE,EMAIL,BIRTHDATE,SEX,PROVINCEID,CITYID,ADDRESS,POSTCODE,DEGREE,INCOME,JOB,POSITION,REGTIME,LOGINTIME,CID,EMAILFLAG,PWDQUESTION,PWDANSWER,ACTIVECODE)"
+"values ('0','1','2','3','4','5','6','7','8','9','10','11','12','13','14','15','16','17','18','19','20','21','22','23','24')";
string str = "insert into CTM_INFORMATION (SEQ_CTM_INFORMATION.NEXTVAL,USERPWD,LOGINNAME,USERNAME,TEL,MOBILETEL,IDCARD,CARDTYPE,EMAIL,BIRTHDATE,SEX,PROVINCEID,CITYID,ADDRESS,POSTCODE,DEGREE,INCOME,JOB,POSITION,REGTIME,LOGINTIME,CID,EMAILFLAG,PWDQUESTION,PWDANSWER,ACTIVECODE)";
str += "values(";
str += "'" + model.USERPWD + "'";
str += "'" + model.LOGINNAME + "'";
str += "'" + model.USERNAME + "'";
str += "'" + model.TEL + "'";
str += "'" + model.MOBILETEL + "'";
str += "'" + model.IDCARD + "'";
str += "'" + model.CARDTYPE + "'";
str += "'" + model.EMAIL + "'";
str += "'" + model.BIRTHDATE + "'";
str += "'" + model.SEX + "'";
str += "'" + model.PROVINCEID + "'";
str += "'" + model.CITYID + "'";
str += "'" + model.ADDRESS + "'";
str += "'" + model.POSTCODE + "'";
str += "'" + model.DEGREE + "'";
str += "'" + model.INCOME + "'";
str += "'" + model.JOB + "'";
str += "'" + model.POSITION + "'";
str += "'" + model.REGTIME + "'";
str += "'" + model.LOGINTIME + "'";
str += "'" + model.CID + "'";
str += "'" + model.EMAILFLAG + "'";
str += "'" + model.PWDQUESTION + "'";
str += "'" + model.PWDANSWER + "'";
str += "'" + model.ACTIVECODE + "')";
try
{
//DbHelperOra.ExecuteSql(strSql.ToString());写这个吗?
}
catch(Exception e)
{
Console.WriteLine(e.Message);
}
请问下
try里面怎么写啊?
try只是捕获异常
就是通过编译,但是执行中,你少字段,sql语句写错了,等等等等......
try可以捕获这些异常
public void Add(Models.CTM_INFORMATION model)
{
StringBuilder strSql=new StringBuilder();
strSql.Append("insert into CTM_INFORMATION(");
strSql.Append("CUSTOMERID,USERPWD,LOGINNAME,USERNAME,TEL,MOBILETEL,IDCARD,CARDTYPE,EMAIL,BIRTHDATE,SEX,PROVINCEID,CITYID,ADDRESS,POSTCODE,DEGREE,INCOME,JOB,POSITION,REGTIME,LOGINTIME,CID,EMAILFLAG,PWDQUESTION,PWDANSWER,ACTIVECODE)");
strSql.Append(" values (");
strSql.Append("SEQ_CTM_INFORMATION.NEXTVAL,:USERPWD,:LOGINNAME,:USERNAME,:TEL,:MOBILETEL,:IDCARD,:CARDTYPE,:EMAIL,:BIRTHDATE,:SEX,:PROVINCEID,:CITYID,:ADDRESS,:POSTCODE,:DEGREE,:INCOME,:JOB,:POSITION,:REGTIME,:LOGINTIME,:CID,:EMAILFLAG,:PWDQUESTION,:PWDANSWER,:ACTIVECODET)");
try{
OracleParameter[] parameters = {
new OracleParameter(":USERPWD", OracleType.VarChar,30),
new OracleParameter(":LOGINNAME", OracleType.VarChar,30),
new OracleParameter(":USERNAME", OracleType.VarChar,20),
new OracleParameter(":TEL", OracleType.VarChar,40),
new OracleParameter(":MOBILETEL", OracleType.VarChar,50),
new OracleParameter(":IDCARD", OracleType.VarChar,30),
new OracleParameter(":CARDTYPE", OracleType.Number,1),
new OracleParameter(":EMAIL", OracleType.VarChar,100),
new OracleParameter(":BIRTHDATE", OracleType.DateTime),
new OracleParameter(":SEX", OracleType.Number,1),
new OracleParameter(":PROVINCEID", OracleType.Char,2),
new OracleParameter(":CITYID", OracleType.Char,3),
new OracleParameter(":ADDRESS", OracleType.VarChar,100),
new OracleParameter(":POSTCODE", OracleType.Char,6),
new OracleParameter(":DEGREE", OracleType.Char,2),
new OracleParameter(":INCOME", OracleType.Char,2),
new OracleParameter(":JOB", OracleType.Char,2),
new OracleParameter(":POSITION", OracleType.Char,2),
new OracleParameter(":REGTIME", OracleType.DateTime),
new OracleParameter(":LOGINTIME", OracleType.DateTime),
new OracleParameter(":CID", OracleType.VarChar,4),
new OracleParameter(":EMAILFLAG", OracleType.Number,1),
new OracleParameter(":PWDQUESTION", OracleType.VarChar,100),
new OracleParameter(":PWDANSWER", OracleType.VarChar,100),
new OracleParameter(":ACTIVECODET", OracleType.VarChar,4),};
parameters[0].Value = model.USERPWD;
parameters[1].Value = model.LOGINNAME;
parameters[2].Value = model.USERNAME;
parameters[3].Value = model.TEL;
parameters[4].Value = model.MOBILETEL;
parameters[5].Value = model.IDCARD;
parameters[6].Value = model.CARDTYPE;
parameters[7].Value = model.EMAIL;
parameters[8].Value = model.BIRTHDATE;
parameters[9].Value = model.SEX;
parameters[10].Value = model.PROVINCEID;
parameters[11].Value = model.CITYID;
parameters[12].Value = model.ADDRESS;
parameters[13].Value = model.POSTCODE;
parameters[14].Value = model.DEGREE;
parameters[15].Value = model.INCOME;
parameters[16].Value = model.JOB;
parameters[17].Value = model.POSITION;
parameters[18].Value = model.REGTIME;
parameters[19].Value = model.LOGINTIME;
parameters[20].Value = model.CID;
parameters[21].Value = model.EMAILFLAG;
parameters[22].Value = model.PWDQUESTION;
parameters[23].Value = model.PWDANSWER;
parameters[24].Value = model.ACTIVECODE;
DbHelperOra.ExecuteSql(strSql.ToString(),parameters);
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}但是听说用拼装的SQL语句下面不能这样写~
是吧?
SQL中的语句用分号隔开,最后在try里执行那个方法好了,你这样是以纯脚本方式执行,没有SqlCommand那么安全
我今天是第二次用Oracle,所以对这个里面的一点也不了解!
这个是动态sql,是有可能被sql注入
但是可以在控件和等等一些地方用一些约束不让别人sql注入的!
各位大仙,你们写没写过这个Oracle拼装的sql语句呢?有的拿出来借鉴一下下啊!