SQL INSERT - Invalid column name

前端未结

关注

 6  1979

执念已碎 2021-01-22 16:34

As some of you may of seen from my previous post I\'m new to using C# to create websites (Although I have a fair bit of experience using it for Windows Forms apps). The powers t

6条回答

无人及你 (楼主)

2021-01-22 17:20

looks like you are missing a bracket:

string sqlcode = "INSERT INTO file_uploads (upload_filename VALUES ("+filename+")";

Should be

string sqlcode = "INSERT INTO file_uploads (upload_filename) VALUES ('"+filename+"')";

Also, to avoid SQL injection attacks you can use the SQLCommand objects like so.

using (SQLCommand oSQLCommand = new SQLCommand("INSERT INTO file_uploads (upload_filename) VALUES ( @FileName )")
{
oSQLCommand.Parameters.AddWithValue("@FileName", filename);

oSQLCommand.ExecuteNonQuery();
}

0 讨论(0)

查看其它6个回答