-
Try to capture the return value.
-
1. Confirm that the database connection is correct.
insert into zc_info(yhm,mm)");
values('" + "','" + "')");
SQL problematic values should be preceded by spaces.
-
To add a space, you need to put a space in front of the values.
insert into zc_info(yhm,mm) ");
values('" + "','" + "')");
-
The error is reported because the syntax of the SQL statement you spelled is incorrect, and the quotation marks do not appear in pairs.
1. Re-splice the SQL statement, string sql =" insert into ..values (
It must be when splicing" ' "+ Variables+" ' "This is how it appeared. Although the int type can be used without quotation marks in SQL statements, it is better to use single quotation marks for concatenation from C, and it will not cause errors.
2. Use parameter to pass parameters.
Splicing SQL can be problematic and unsightly.
The most common vulnerabilities are SQL injection, such as user input during queries"0 or 1=1", spell it into your SQL statement"select * from table where id = 0 or 1=1 ;This will find out all the information, which is very insecure.
This kind of problem can be avoided with sqlparameter:
string sql = "insert into table (name,age) values (@name,@age);
var paras = new sqlparameter
new sqlparameter("@name", ,new sqlparameter("@age", ,sql,paras);
This is an executed function, which can be wrapped by itself, and there are a lot of overloads in it. What is passed is the connection string, SQL type,
statements, variables, etc.
The program will automatically treat the @name @age in the statement as a variable, and pass in the value of the parameter group paras you wrote.
-
There is an error in SQL splicing,'1,'1, 1, one less'.
It should be'1','1'
ASP connection access
Define the access database path. >>>More
At least the basic things must be mastered, such as: the linear structure of the database, the storage method, the way to call Hezheng, and the operation of the table in the database (to use statements to erect the bench to achieve). >>>More
The structure of the storage is the main basis for classifying the types of copy databases. In today's Internet, databases are usually divided into two categories, namely relational and non-relational databases. >>>More
The prospect of learning UI is good, and there are many training institutions, so the local people may choose to visit and understand the real teachers and educational strength of the school before making a choice. Share the general development of the UI, I hope it will be useful to you. >>>More
The deletion operation in the data is irreparable, sometimes the data in the data table may be deleted due to misoperation, or the database crashes for other reasons, and all the data is lost, especially when there is a large amount of useful data in the database, then it is impossible for you to enter the data again from the beginning, this is the role of the backup database, back up the database, when the above situation occurs, you can restore the previous database through the backup file.