SQL INSERT - Invalid column name

前端 未结 6 1992
执念已碎
执念已碎 2021-01-22 16:34

As some of you may of seen from my previous post I\'m new to using C# to create websites (Although I have a fair bit of experience using it for Windows Forms apps). The powers t

6条回答
  •  春和景丽
    2021-01-22 16:57

    You are missing a parenthesis after the column name and the value represents a string and as such must be enclosed in quotes:

    string sqlcode = "INSERT INTO file_uploads (upload_filename) " + 
                     "VALUES ('"+filename+"')";
    

    However, the correct way would be to use a parameterized query:

    string filename = "abc123.jpg";
    SqlConnection link = new SqlConnection(/*you dont need to see my data here ;)*/);
    string sqlcode = "INSERT INTO file_uploads (upload_filename) VALUES (@filename)";
    SqlCommand sql = new SqlCommand(sqlcode,link);
    sql.Parameters.AddWithValue("@filename", filename);
    link.open();
    sql.ExecuteNonQuery();
    

提交回复
热议问题