稍等
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[detail]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[detail]
GOCREATE TABLE [dbo].[detail] (
[id] [bigint] IDENTITY (1, 1) NOT NULL ,
[title] [nvarchar] (50) COLLATE Chinese_PRC_CI_AS NOT NULL ,
[author] [nvarchar] (50) COLLATE Chinese_PRC_CI_AS NULL ,
[keyword] [nvarchar] (200) COLLATE Chinese_PRC_CI_AS NULL ,
[content] [text] COLLATE Chinese_PRC_CI_AS NULL ,
[authorcontact] [nvarchar] (200) COLLATE Chinese_PRC_CI_AS NULL ,
[field] [nvarchar] (200) COLLATE Chinese_PRC_CI_AS NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[detail]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[detail]
GOCREATE TABLE [dbo].[detail] (
[id] [bigint] IDENTITY (1, 1) NOT NULL ,
[title] [nvarchar] (50) COLLATE Chinese_PRC_CI_AS NOT NULL ,
[author] [nvarchar] (50) COLLATE Chinese_PRC_CI_AS NULL ,
[keyword] [nvarchar] (200) COLLATE Chinese_PRC_CI_AS NULL ,
[content] [text] COLLATE Chinese_PRC_CI_AS NULL ,
[authorcontact] [nvarchar] (200) COLLATE Chinese_PRC_CI_AS NULL ,
[field] [nvarchar] (200) COLLATE Chinese_PRC_CI_AS NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
如果出错了,可以看到下面的出错信息的
然后再作分析
如:string.Replace(title.Text.ToString(),"'","'''");
values('"+title.Text.ToString()+"',
'"+author.Text.ToString()+"',
'"+keyword.Text.ToString()+"',
'"+content.Text.ToString()+"',
'"+contact.Text.ToString()+"'
)";
str.Replace("',"''")如下:
string a='a'
string strQuery=insert into table (title,....) values('"+a.Replace("'","''")+"',...)
values('"+title.Text.ToString().Replace("'","''")+"',
'"+author.Text.ToString().Replace("'","''")+"',
'"+keyword.Text.ToString().Replace("'","''")+"',
'"+content.Text.ToString().Replace("'","''")+"',
'"+contact.Text.ToString().Replace("'","''")+"'
)
在你的contact文本框输入"') Drop table detail--",就可以把你的detail删掉.