发表新帖
发表新帖

SQL Server Invalid column name when adding string value

后端 未结
关注
5 803
一向
一向 2021-01-18 15:23

I\'m new to SQL Server

I\'ve created my table like this:

CREATE TABLE Accidents (
     Id INT NOT NULL PRIMARY KEY IDENTITY,
     GUID VARCHAR(100),
5条回答
  • 情话喂你
    情话喂你 (楼主)
    2021-01-18 15:49

    You need quotes around your strings. You're just directly substituting in the values, so SQL is trying to parse them as columns.

    SqlCommand cmd = new SqlCommand("INSERT INTO Accidents (GUID,Latitude,Longitude,PhotoName)    
       VALUES ('" + GUID + "','" + latitude + "','" + longitude + "','" + photoName + "')", con);

    You should note, however, that this is extremely insecure code. It's very prone to SQL injection. Try using paramaterized queries instead.

    0 讨论(0)
 看不清?
提交回复
热议问题