这是我第一次尝试使用参数化查询,执行时收到了以下错误:
必须声明标量变量@Email
感谢任何帮助!
// Inserts one row into the Upload table through a parameterized INSERT: values are
// meant to be bound via SqlParameter objects, not concatenated into the SQL text.
// NOTE(review): the INSERT has no column list, so the ten values bind by column
// position; any change to the table's column order or count breaks or misroutes it.
string sql = "INSERT INTO Upload VALUES (@Email, @TimeStamp, @EmployeeId, @Name, @Title, @Department, @Race, @Gender, @AnnualizedBase, @AnnualizedTCC);";
// Both using statements dispose their object when the block exits, even on exceptions.
using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
using (SqlCommand command = new SqlCommand(sql, con))
{
// Scratch variable shared by both TryParse calls below.
decimal num;
// NOTE(review): SqlDbType.Text is the legacy `text` type; if the column is
// varchar/nvarchar, the parameter type should match it. Confirm against the schema.
var emailparam = new SqlParameter("@Email", SqlDbType.Text);
// The value bound to @Email is the current user's id, taken from the server-side
// identity rather than from request data.
// NOTE(review): presumably the user id is the e-mail address here; confirm.
emailparam.Value = System.Web.HttpContext.Current.User.Identity.GetUserId();
// some more parameters following same format
var baseparam = new SqlParameter("@AnnualizedBase", SqlDbType.Money);
// Column 6 of row i is validated as a decimal before it is bound.
// NOTE(review): this TryParse overload parses with the current thread culture;
// confirm that it matches the format of the uploaded data.
if (decimal.TryParse(result.Tables[0].Rows[i][6].ToString(), out num))
{
baseparam.Value = num;
}
else
{
// NOTE(review): only an error message is set here. Execution continues, so the
// INSERT below still runs while baseparam.Value has never been assigned.
ViewBag.Error = "not money format";
}
var tccparam = new SqlParameter("@AnnualizedTCC", SqlDbType.Money);
// Same validation for column 7.
if (decimal.TryParse(result.Tables[0].Rows[i][7].ToString(), out num))
{
tccparam.Value = num;
}
else
{
// NOTE(review): same as above; a failed parse does not stop the INSERT.
ViewBag.Error = "not money format";
}
// NOTE(review): none of the SqlParameter objects created above is added to
// command.Parameters in this snippet. The command therefore reaches the server with
// no parameters, which produces "Must declare the scalar variable @Email".
con.Open();
command.ExecuteNonQuery();
// Redundant but harmless: the enclosing using statement also closes the connection.
con.Close();
}
答案 0 :(得分:1)
您已经定义了参数,到这一步都没有问题。
但是在执行查询之前,还必须通过 .Add() 把这些参数添加到 SqlCommand 对象的 Parameters 集合中!SQL 文本中的每个 @ 占位符都必须有一个已添加的同名参数,否则就会出现“必须声明标量变量”的错误。
// Add parameters to SqlCommand
// Creating a SqlParameter does not attach it to the command; only parameters in
// command.Parameters are sent with the query. Every placeholder in the SQL text
// needs one, including those elided in the question ("some more parameters").
command.Parameters.Add(emailparam);
command.Parameters.Add(baseparam);
command.Parameters.Add(tccparam);
// NOTE(review): a parameter whose Value is still a null reference (e.g. after a
// failed TryParse in the question's code) is not sent by SqlClient and fails with a
// "parameter was not supplied" error. Assign DBNull.Value to store NULL, or skip the
// INSERT when validation fails.
// *NOW* you can open connection, execute query, close connection
con.Open();
command.ExecuteNonQuery();
// Optional when the connection is created in a using statement, as in the question.
con.Close();
答案 1 :(得分:0)
你可以试试下面这种写法;如果还有不明白的地方,可以继续问我。
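// Sample values (constructed). In real code they come from user input and must reach
// the database only as parameter values, never concatenated into the SQL text.
string mail = "abc@hotmail.com";
string name = "Abdul Aleem";

// Inline (text) query: one @placeholder per value to insert.
string sql = "INSERT INTO Upload VALUES (@Email, @Name)"; // and so on

// The using statements dispose the connection and command even if an exception is thrown.
using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
using (SqlCommand cmd = new SqlCommand(sql, con))
{
    // CommandType.Text is already the default; it is set here only to be explicit.
    cmd.CommandType = System.Data.CommandType.Text;

    // AddWithValue creates the parameter AND adds it to cmd.Parameters in one call,
    // so the "Must declare the scalar variable" error cannot occur for these names.
    // It infers the SQL type from the .NET value (string -> nvarchar). If the column
    // type differs, use cmd.Parameters.Add with an explicit SqlDbType instead.
    cmd.Parameters.AddWithValue("@Email", mail);
    cmd.Parameters.AddWithValue("@Name", name);
    // Add the remaining parameters the same way, one per placeholder in the query.

    // ExecuteNonQuery requires an open connection.
    con.Open();
    cmd.ExecuteNonQuery();
}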