Is a time when I put the paper import database because the topic is a SQL statement and then have a single program at abnormal, is this why? Can you help me solve? Thank you!

CodePudding user response:

Don't put all the code, afraid we copy?

CodePudding user response:

He say there are grammatical errors near,,,, sure there is something wrong with the SQL statement,
Such as single quotes

CodePudding user response:

Parentheses may be Chinese, may be the whole Angle of the problem of single quotes,
Don't tangle you this statement, try the parameterized queries to insert records,

CodePudding user response:

Because in the SQL statement 'quotes' special semantic,

The best solution is to "parameterized queries, you can refer to send out an invitation card # buildings of 38 examples and explanation for single quotation marks,
https://bbs.csdn.net/topics/393068375 (staff to the database table to insert data when testing staff code, name any repeat, and repeat remind?)

CodePudding user response:

The problem of the SQL statement.
Insert into table name
Values (data)

CodePudding user response:

reference 1/f, hands on the keyboard to knock very light response:

don't put all the code, afraid we copy?

Sorry I didn't mean it because there is nothing wrong with the insert statement so no post thank you can reply

CodePudding user response:

refer to the second floor is nu month god reply:

he said there is grammar mistake,,,, sure there is something wrong with the SQL statement,
Such as single quotes

Is not a subject database is at fault because import is a SQL statement thank you can reply

CodePudding user response:

reference 4 floor github_36000833 response:

because 'quotes' in the SQL statement has special semantic,

The best solution is to "parameterized queries, you can refer to send out an invitation card # buildings of 38 examples and explanation for single quotation marks,
https://bbs.csdn.net/topics/393068375 (staff to the database table to insert data when testing staff code, name any repeat, and repeat remind?)

Ok thank you I try it

CodePudding user response:

Single quotation marks in front of the database to convert, generally want to double quotation marks, ' '

CodePudding user response:

reference 1/f, hands on the keyboard to knock very light response:

don't put all the code, afraid we copy?

String TiMuName=DanRow [r]. "TiMu" ToString (). The Replace (" '", "" "); I use this method is ok but the title of the single quotes into the double quotes. Thanks

CodePudding user response:

My SQL statements there is no problem has been resolved but become a double quote thank you

CodePudding user response:

references 9 floor of _ through the snow non-trace reply:

single quotation marks in front of the database to convert, generally want to double quotation marks, '

HMM can now thank you

CodePudding user response:

Because you didn't pass the parameterized SQL stored, but by the SQL statement, the problem of SQL injection

CodePudding user response:

she would play the soy sauce reference 13 floor response:

because you didn't pass the parameterized SQL, but by the SQL statement, produce the problem of SQL injection

Ok thank you I'll go to check it

CodePudding user response:

Parameterized queries than replace single quotes "" well, at least there are two reasons why

One is the code more readable and easier to maintain,
Second, performance advantages, especially for many times with different parameters to invoke the same SQL,

To a SQL statement, the server can cache the query plan and reuse them when repeat query execution, parameterized queries might come this benefit,
And if in the same way that a string concatenation, for each query to a new server query plan, have a certain influence on the performance,

CodePudding user response:

The

reference 15 floor github_36000833 reply:

parameterized queries are superior to the "replace single quotes"
there are at least two reasons
One is the code more readable and easier to maintain,
Second, performance advantages, especially for many times with different parameters to invoke the same SQL,

To a SQL statement, the server can cache the query plan and reuse them when repeat query execution, parameterized queries might come this benefit,
And if in the same way that a string concatenation, for each query to a new server query plan, have a certain influence on the performance of,

Thank you I would go to learn the parameterized queries, thank you very much