操作数据库时应使用 SQL 参数化，而不是把用户输入拼接进 SQL 字符串：SQL 文本本身保持为常量，只有“值”通过参数传递（表名、列名无法参数化，若必须动态，应从代码里固定的白名单中选取，而不是来自输入）。OleDb 的占位符 `?` 是按位置绑定的、不看参数名，所以 Parameters 的添加顺序必须与 SQL 中 `?` 出现的顺序一致；另外 Close() 最好放在 using/finally 中，否则 ExecuteNonQuery 抛异常时连接不会被关闭。示例: OleDbConnection cn = new OleDbConnection("连接字符串"); OleDbCommand cmd = new OleDbCommand("insert into 表A (姓名,年龄)values(?,?)", cn); cmd.Parameters.AddWithValue("?", "张三"); cmd.Parameters.AddWithValue("?", 16); cn.Open(); cmd.ExecuteNonQuery(); cn.Close();
string sql = "insert into 表(name,price,client,phone,imageurl,comurl) values(@name,@price,@client,@phone,@imageurl,@comurl)"; SqlParameter[] para = new SqlParameter[] { new SqlParameter("@name",Name), new SqlParameter("@price",Price), new SqlParameter("@client",Client), new SqlParameter("@phone",Phone), new SqlParameter("@imageurl",Imageurl), new SqlParameter("@comurl",Comurl) }; 定义好 para 后，还需要用 cmd.Parameters.AddRange(para) 把它挂到 SqlCommand 上再执行；@name 这类参数名必须与 SQL 文本中的占位符一一对应。同样，这里只有值被参数化，表名和列名不能作为参数传入；若某个变量可能为 null，要改成 DBNull.Value，否则该参数不会被发送、执行时会报缺少参数的错误。
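// Parameterized INSERT through OleDb. Only the *values* travel as parameters;
// the SQL text stays a constant, so user input never becomes part of the
// statement. Table and column names cannot be parameterized — if they must
// vary, choose them from a fixed allow-list in code, never from input.
//
// OleDb placeholders are positional: each "?" is bound by the order in which
// parameters are added and the parameter name is ignored, so the two Add
// calls below must follow the order of the "?" markers in the statement.
using (OleDbConnection cn = new OleDbConnection("连接字符串"))
using (OleDbCommand cmd = new OleDbCommand("insert into 表A (姓名,年龄)values(?,?)", cn))
{
    // Declare the parameter types explicitly instead of AddWithValue: with
    // AddWithValue the provider infers the type from the CLR value, which can
    // force an implicit conversion on the server side (and may prevent index
    // use). The values are still passed as data, never spliced into the SQL.
    cmd.Parameters.Add("?", OleDbType.VarWChar).Value = "张三";
    cmd.Parameters.Add("?", OleDbType.Integer).Value = 16;

    cn.Open();
    cmd.ExecuteNonQuery();
    // No explicit Close(): the using blocks dispose (and thereby close) the
    // command and connection even when ExecuteNonQuery throws; the original
    // only closed the connection on the success path.
}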
// Named @-parameters for SqlClient. Each name must match a placeholder in the
// INSERT text; only values are parameterized this way — table and column names
// cannot be passed as parameters.
// NOTE(review): Name, Price, Client, Phone, Imageurl and Comurl are declared
// elsewhere; their CLR types decide the inferred SqlDbType, so pass an explicit
// SqlDbType (and size) if a column type differs. If any of them can be null,
// it has to be DBNull.Value — a null CLR value means the parameter is not
// sent at all and execution fails with a "parameter not supplied" error.
SqlParameter[] para =
{
    new SqlParameter("@name", Name),
    new SqlParameter("@price", Price),
    new SqlParameter("@client", Client),
    new SqlParameter("@phone", Phone),
    new SqlParameter("@imageurl", Imageurl),
    new SqlParameter("@comurl", Comurl),
};
定义好 para 后，用 cmd.Parameters.AddRange(para) 把它挂到 SqlCommand 上再执行即可；参数名必须与 SQL 文本中的 @占位符一一对应，且只有值可以参数化，表名和列名不能作为参数传入。