SQL-Abfrage parametrieren
Viele Beiträge über Parameter in SQL mit C #, aber mir fehlt noch etwas. Ich erhalte keine Fehlermeldung, aber es wurden keine Daten eingefügt. Was fehlt? Ich habe Textfelder mit den Namen fname, lname, address, city, state und zip.
private void enter_button_Click(object sender, EventArgs e)
{
string first, last, addy, city1, stat, zippy;
first = fname.Text;
SqlParameter firstparam;
firstparam = new SqlParameter();
firstparam.ParameterName = "@first";
firstparam.Value = first;
last = lname.Text;
SqlParameter lastparam;
lastparam = new SqlParameter();
lastparam.ParameterName = "@last";
lastparam.Value = last;
addy = address.Text;
SqlParameter addressparam;
addressparam = new SqlParameter();
addressparam.ParameterName = "@addy";
addressparam.Value = addy;
city1 = city.Text;
SqlParameter cityparam;
cityparam = new SqlParameter();
cityparam.ParameterName = "@city1";
cityparam.Value = city1;
stat = state.Text;
SqlParameter stateparam;
stateparam = new SqlParameter();
stateparam.ParameterName = "@stat";
stateparam.Value = stat;
zippy = zip.Text;
SqlParameter zipparam;
zipparam = new SqlParameter();
zipparam.ParameterName = "@zippy";
zipparam.Value = zippy;
try
{
Validate(fname);
Validate(lname);
Validate(city);
Validate(state);
}
catch (Exception ex)
{
throw new Exception(ex.ToString(), ex);
}
try
{
exValidate(address);
}
catch (Exception ex1)
{
throw new Exception(ex1.ToString(), ex1);
}
try
{
numValidate(zip);
}
catch (Exception ex2)
{
throw new Exception(ex2.ToString(), ex2);
}
string connection = "Data Source=TX-MANAGER;Initial Catalog=Contacts;Integrated Security=True";
var sqlstring = string.Format("INSERT INTO Contacts ([First] ,[Last] ,[Address] ,[City] ,[State],[ZIP]) VALUES {0}, {1}, {2}, {3}, {4}, {5})", @first, @last, @addy, @city1, @stat, @zippy);
SqlConnection conn = new SqlConnection(connection);
SqlCommand comm = new SqlCommand();
comm.CommandText = sqlstring;
try
{
conn.Open();
//SqlTransaction trans = conn.BeginTransaction();
//comm.Transaction = trans;
comm.Parameters.Add("@first", SqlDbType.Text);
comm.Parameters.Add("@last", SqlDbType.Text);
comm.Parameters.Add("@addy", SqlDbType.Text);
comm.Parameters.Add("@city1", SqlDbType.Text);
comm.Parameters.Add("@stat", SqlDbType.Text);
comm.Parameters.Add("@zippy", SqlDbType.SmallInt);
}
catch (Exception commex)
{
throw new Exception(commex.ToString(), commex);
}
conn.Close();
}
Also habe ich das geändert und es passiert immer noch nichts.
string connection = "Data Source=TX-MANAGER;Initial Catalog=Contacts;Integrated Security=True";
var sqlstring = string.Format("INSERT INTO Contacts ([First] ,[Last] ,[Address] ,[City] ,[State],[ZIP]) VALUES {0}, {1}, {2}, {3}, {4}, {5})", @first, @last, @addy, @city1, @stat, @zippy);
SqlConnection conn = new SqlConnection(connection);
SqlCommand comm = conn.CreateCommand();
comm.CommandText = sqlstring;
try
{
conn.Open();
//SqlTransaction trans = conn.BeginTransaction();
//comm.Transaction = trans;
comm.Parameters.AddWithValue("@first", first);
comm.Parameters.AddWithValue("@last", last);
comm.Parameters.AddWithValue("@addy", addy);
comm.Parameters.AddWithValue("@city1", city1);
comm.Parameters.AddWithValue("@stat", stat);
comm.Parameters.AddWithValue("@zippy", zippy);
comm.ExecuteNonQuery();