有时候插入数据到SQL的时候,内容中会有单引号“ ' ”,这个时候用字符串拼接出来的查询语句就会出错(这也正是SQL注入问题的根源)。
解决方法有几个:一是存储过程,二是参数化查询语句。今天就讲讲第二种。
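// Parameterized UPDATE: the value travels to the server as a typed parameter
// instead of being spliced into the SQL text, so a single quote (or any other
// SQL metacharacter) in the content cannot terminate the literal or alter the
// statement.
//
// NOTE(review): the statement has no WHERE clause, so as written it rewrites
// the content column of every row in tb - confirm that is intended, and if
// not, add the key as a second parameter rather than concatenating it.
StringBuilder sqlText = new StringBuilder(@"
UPDATE tb SET content = @QTY
");

string parameter = " 内容 ";

// `conn` is declared outside this snippet; presumably an already-open
// SqlConnection - verify against the surrounding code.
// The using block disposes the command even when execution throws.
using (SqlCommand comm = new SqlCommand(sqlText.ToString(), conn))
{
    SqlParameter parms = new SqlParameter();

    // NOTE(review): SqlDbType.Text maps to the legacy non-Unicode `text` type;
    // if the column is nvarchar/ntext, non-ASCII content such as the sample
    // value may be converted through the database code page - confirm the
    // column type and switch to the matching Unicode SqlDbType if needed.
    parms.SqlDbType = SqlDbType.Text;

    // Must match the placeholder in the SQL text exactly; stray spaces around
    // the name would leave @QTY unbound and the command would fail.
    parms.ParameterName = "@QTY";
    parms.Value = parameter;
    comm.Parameters.Add(parms);

    try
    {
        // ExecuteNonQuery returns the number of rows affected.
        comm.ExecuteNonQuery();
    }
    catch (Exception ex)
    {
        // Still best-effort (the failure is not rethrown), but no longer
        // silent: an empty catch here hides failed writes and probing
        // attempts alike. Keep the detail in the trace/log and never echo raw
        // database errors back to the end user.
        System.Diagnostics.Trace.TraceError("UPDATE tb failed: " + ex);
    }
}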