开发环境:xp sp3,vs2010 .net framework4.如下是一段教程里的代码:private void GetSpecialProduct(int SupplierID)
{
//从web.config中获取数据库连接
string connectionStr = WebConfigurationManager.ConnectionStrings["NorthwindConnectionString"].ConnectionString;
//创建与数据库的连接
SqlConnection conn = new SqlConnection(connectionStr);
conn.Open();
SqlCommand cmd = new SqlCommand("select * from products where SupplierID=@SupplierID", conn);
//---------------------------------------------------------------
//1,使用SqlParameter对象
//SqlParameter parameter = new SqlParameter();
//parameter.ParameterName = "@SupplierID";
//parameter.Direction = ParameterDirection.Input;
//parameter.Value = SupplierID;
//cmd.Parameters.Add(parameter);
//----------------------------------------------------------------
//2,可以直接使用Parameters的重载的Add方法添加参数
//cmd.Parameters.Add("@SupplierID", SqlDbType.Int).Value = SupplierID;
//----------------------------------------------------------------
//cmd.Parameters.Add("@SupplierID", SqlDbType.Int);
//cmd.Parameters["@SupplierID"].Value = SupplierID;
//3,或者使用Parameters.AddWithValue方法添加参数
cmd.Parameters.AddWithValue("@SupplierID", SupplierID);
//执行SQL命令并进行数据绑定
SqlDataReader sdr= cmd.ExecuteReader(CommandBehavior.CloseConnection);
GridView1.DataSource = sdr;
GridView1.DataBind();
conn.Dispose();
}
如下是我自己写的,被注释的写法会报错,','附近有语法错误。为什么啊?public int Insert(OperationStruct operate)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["POWERDATAConnectionString"].ConnectionString);
try
{
conn.Open(); }
catch
{
return 1; //数据库操作失败
}
SqlCommand command = new SqlCommand();
command.Connection = conn;
command.CommandType = CommandType.Text;
command.CommandText = "insert into POWERDATA.dbo.Device_Operate" +
" values ('"+operate.ip+"',"+operate.address+",'"+operate.userID+"','"+operate.time+"','"+operate.action+"' )";
/*****为什么下面的写法不对******/
//command.CommandText = "insert into POWERDATA.dbo.Device_Operate" +
//" values (@ip,@address,@userID,@time,@action)";
//command.Parameters.Add("@ip",SqlDbType.NVarChar).Value=operate.ip;
//command.Parameters.Add("@address", SqlDbType.Int).Value = operate.address;
//command.Parameters.Add("@userID", SqlDbType.NVarChar).Value = operate.userID;
//command.Parameters.Add("@time", SqlDbType.DateTime).Value = operate.time;
//command.Parameters.Add("@action", SqlDbType.NText).Value = operate.action;
try
{
command.ExecuteNonQuery();
conn.Dispose();
}
catch
{
return 1; //数据库操作失败
} return 0;
}
求解释。。
{
//从web.config中获取数据库连接
string connectionStr = WebConfigurationManager.ConnectionStrings["NorthwindConnectionString"].ConnectionString;
//创建与数据库的连接
SqlConnection conn = new SqlConnection(connectionStr);
conn.Open();
SqlCommand cmd = new SqlCommand("select * from products where SupplierID=@SupplierID", conn);
//---------------------------------------------------------------
//1,使用SqlParameter对象
//SqlParameter parameter = new SqlParameter();
//parameter.ParameterName = "@SupplierID";
//parameter.Direction = ParameterDirection.Input;
//parameter.Value = SupplierID;
//cmd.Parameters.Add(parameter);
//----------------------------------------------------------------
//2,可以直接使用Parameters的重载的Add方法添加参数
//cmd.Parameters.Add("@SupplierID", SqlDbType.Int).Value = SupplierID;
//----------------------------------------------------------------
//cmd.Parameters.Add("@SupplierID", SqlDbType.Int);
//cmd.Parameters["@SupplierID"].Value = SupplierID;
//3,或者使用Parameters.AddWithValue方法添加参数
cmd.Parameters.AddWithValue("@SupplierID", SupplierID);
//执行SQL命令并进行数据绑定
SqlDataReader sdr= cmd.ExecuteReader(CommandBehavior.CloseConnection);
GridView1.DataSource = sdr;
GridView1.DataBind();
conn.Dispose();
}
如下是我自己写的,被注释的写法会报错,','附近有语法错误。为什么啊?public int Insert(OperationStruct operate)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["POWERDATAConnectionString"].ConnectionString);
try
{
conn.Open(); }
catch
{
return 1; //数据库操作失败
}
SqlCommand command = new SqlCommand();
command.Connection = conn;
command.CommandType = CommandType.Text;
command.CommandText = "insert into POWERDATA.dbo.Device_Operate" +
" values ('"+operate.ip+"',"+operate.address+",'"+operate.userID+"','"+operate.time+"','"+operate.action+"' )";
/*****为什么下面的写法不对******/
//command.CommandText = "insert into POWERDATA.dbo.Device_Operate" +
//" values (@ip,@address,@userID,@time,@action)";
//command.Parameters.Add("@ip",SqlDbType.NVarChar).Value=operate.ip;
//command.Parameters.Add("@address", SqlDbType.Int).Value = operate.address;
//command.Parameters.Add("@userID", SqlDbType.NVarChar).Value = operate.userID;
//command.Parameters.Add("@time", SqlDbType.DateTime).Value = operate.time;
//command.Parameters.Add("@action", SqlDbType.NText).Value = operate.action;
try
{
command.ExecuteNonQuery();
conn.Dispose();
}
catch
{
return 1; //数据库操作失败
} return 0;
}
求解释。。
command.CommandText = "insert into POWERDATA.dbo.Device_Operate" +
" values ('"+operate.ip+"','"+operate.address+"','"+operate.userID+"','"+operate.time+"','"+operate.action+"' )";
insert into 表名 ( 字段名1,字段名2,字段名3,...) value(@value1, @value2, @value3,...)
把生成的SQL语句放到查询分析器中,看能否正常运行。