-- Example of the failing statement: the ' characters inside the last value end the
-- string literal early, so the remaining text is parsed as SQL and the insert fails.
-- In SQL Server (SqlConnection is used in the C# below) a quote inside a literal is
-- written as ''; better still, the value is bound as a parameter and never spliced in.
insert into NewsInfo (title,date,author,sourse,contents)
values ('bbb','bbb','bbb','bbb','展览时间上海新国际博览中心'上海市龙阳路2345号'')
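/// <summary>
/// Escapes single quotes in <paramref name="strRes"/> so the text can be placed
/// inside a T-SQL string literal: every ' becomes ''. SQL Server does not treat a
/// backslash as an escape character, so the earlier \' replacement still left the
/// statement broken. Binding the value as a SqlParameter is the preferred approach;
/// this helper is only a fallback for text that must be spliced into the statement.
/// </summary>
/// <param name="strRes">Text to escape; null is returned unchanged.</param>
/// <returns>The input with each single quote doubled.</returns>
public string ReplaceString(string strRes)
{
    if (strRes == null)
    {
        return null;
    }
    // Replace scans the whole string, so the old IndexOf("'", 1) pre-check is not
    // needed; it also missed a quote at position 0 and threw on an empty string.
    return strRes.Replace("'", "''");
}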
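// Then call ReplaceString on each field before it goes into the SQL,
// e.g. replace info.Contents with ReplaceString(info.Contents).
//
// The statement below still splices the raw field values into the SQL text, so a
// quote in any field breaks the query and untrusted text can alter what the
// statement does; binding the fields as SqlParameters (as the @a..@e example
// further down does) is the reliable fix. The string.Format wrapper was dropped:
// it had no placeholders and would throw FormatException if a field contained
// '{' or '}'.
sql = "insert into NewsInfo (title,date,author,sourse,contents)"
    + "values ('" + info.Title + "','" + info.Date + "','" + info.Author + "','" + info.Sourse + "','" + info.Contents + "')";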
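// Insert one NewsInfo row with a parameterized command. Each field is bound as a
// parameter, so a quote in the text is sent as data rather than spliced into the
// statement: no escaping is needed and a field value cannot change the statement.
using (SqlConnection conn = new SqlConnection(connstring))
using (SqlCommand command = new SqlCommand(
    "insert into NewsInfo (title,date,author,sourse,contents) "
    + "values (@title,@date,@author,@sourse,@contents)", conn))
{
    // The "@info.Title" in the original was C#'s verbatim-identifier prefix, not a
    // SQL parameter; the parameters are declared on the command here instead.
    // A null field is sent as SQL NULL: SqlClient treats a parameter whose Value is
    // a C# null as "not supplied", whereas the old concatenation sent an empty string.
    command.Parameters.AddWithValue("@title", (object)info.Title ?? DBNull.Value);
    command.Parameters.AddWithValue("@date", (object)info.Date ?? DBNull.Value);
    command.Parameters.AddWithValue("@author", (object)info.Author ?? DBNull.Value);
    command.Parameters.AddWithValue("@sourse", (object)info.Sourse ?? DBNull.Value);
    command.Parameters.AddWithValue("@contents", (object)info.Contents ?? DBNull.Value);
    conn.Open();
    command.ExecuteNonQuery();
    // No explicit Close(): leaving the using block disposes, and so closes, the connection.
}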
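// Parameter-binding example: the quote-bearing text bound to @e travels as a
// parameter value, so it needs no escaping and cannot alter the statement text.
string SqlStr = "select ColA from ( select ColA = 'bbb') A " +
    "where ColA in (@a,@b,@c,@d,@e)";
// Placeholder credentials for the example; a real connection string belongs in
// configuration, not in source.
using (SqlConnection conn = new SqlConnection("User ID=xx;PWD=xx;Data Source=xx;Initial Catalog=xx;"))
using (SqlCommand cmd = new SqlCommand(SqlStr, conn))
{
    SqlParameterCollection Paras = cmd.Parameters;
    Paras.AddWithValue("@a", "bbb");
    Paras.AddWithValue("@b", "bbb");
    Paras.AddWithValue("@c", "bbb");
    Paras.AddWithValue("@d", "bbb");
    Paras.AddWithValue("@e", "展览时间上海新国际博览中心'上海市龙阳路2345号'");
    conn.Open();
    // The reader is disposed (and therefore closed) even if the loop throws;
    // the original left it open on that path.
    using (SqlDataReader dr = cmd.ExecuteReader())
    {
        while (dr.Read())
        {
            Console.WriteLine(dr[0]);
        }
    }
}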
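// Same concatenation as above with the string.Format wrapper dropped: it had no
// placeholders and threw FormatException when a field contained '{' or '}'.
// The field values are still spliced into the statement, so a quote breaks it and
// untrusted text can alter it; bind them as SqlParameters, as the @a..@e example
// above does.
sql = "insert into NewsInfo (title,date,author,sourse,contents)"
    + "values ('" + info.Title + "','" + info.Date + "','" + info.Author + "','" + info.Sourse + "','" + info.Contents + "')";
// The trailing Replace("'", "'") from the post replaces a quote with itself and
// changes nothing (possibly a rendering loss of a doubled quote). Escaping a value
// for a T-SQL literal means doubling the quote, value.Replace("'", "''"), not the
// \' replacement used by ReplaceString above.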