我在从 C# 中的 dataTable 对象动态创建 SQL 插入语句时遇到一些问题。我想知道实现它的最佳实践。这是我的代码片段,到目前为止我已经尝试过。
String sqlCommandInsert = "INSERT INTO dbo.RAW_DATA(";
String sqlCommandValue = "";
foreach (DataColumn dataColumn in dataTable.Columns)
{
sqlCommandInsert += dataColumn + ",";
}
sqlCommandInsert += sqlCommandInsert.TrimEnd(',');
sqlCommandInsert += ") VALUE(";
for (int i = 0; i < dataTable.Rows.Count; i++)
{
sqlCommandValue += "'" + dataTable.Rows[i].ItemArray[i] + "',";
}
var insertCommand = sqlCommandInsert;
sqlCommandValue = sqlCommandValue.TrimEnd(',');
var command = insertCommand + sqlCommandValue + ")";
dataContext.Database.ExecuteSqlCommand(command);
如有任何建议,我们将不胜感激:) 问候。
使用
VALUES
而不是 VALUE
。除此之外,您应该始终使用 sql 参数:
string columns = string.Join(","
, dataTable.Columns.Cast<DataColumn>().Select(c => c.ColumnName));
string values = string.Join(","
, dataTable.Columns.Cast<DataColumn>().Select(c => string.Format("@{0}", c.ColumnName)));
String sqlCommandInsert = string.Format("INSERT INTO dbo.RAW_DATA({0}) VALUES ({1})" , columns, values);
using(var con = new SqlConnection("ConnectionString"))
using (var cmd = new SqlCommand(sqlCommandInsert, con))
{
con.Open();
foreach (DataRow row in dataTable.Rows)
{
cmd.Parameters.Clear();
foreach (DataColumn col in dataTable.Columns)
cmd.Parameters.AddWithValue("@" + col.ColumnName, row[col]);
int inserted = cmd.ExecuteNonQuery();
}
}
使用 Npgsql 从数据表动态更新查询
public string UpdateExecute(DataTable dataTable, string TableName)
{
NpgsqlCommand cmd = null;
string Result = String.Empty;
try
{
if (dataTable.Columns.Contains("skinData")) dataTable.Columns.Remove("skinData");
string columns = string.Join(",", dataTable.Columns.Cast<DataColumn>().Select(c => c.ColumnName));
string values = string.Join(",", dataTable.Columns.Cast<DataColumn>().Select(c => string.Format("@{0}", c.ColumnName)));
StringBuilder sqlCommandInsert = new StringBuilder();
sqlCommandInsert.Append("Update " + TableName + " Set ");
string[] TabCol = columns.Split(',');
string[] TabVal = values.Split(',');
for (int i = 0; i < TabCol.Length; i++)
{
for (int j = 0; j < TabVal.Length; j++)
{
sqlCommandInsert.Append(TabCol[i] +" = "+ TabVal[i] + ",");
break;
}
}
string NpgsqlCommandUpdate= sqlCommandInsert.ToString().TrimEnd(',');
NpgsqlCommandUpdate += (" where " + TabCol[0] + "=" + TabVal[0]);
using (var con = new NpgsqlConnection("Server=localhost;Port=5432;uid=uapp;pwd=Password;database=Test;"))
{
con.Open();
foreach (DataRow row in dataTable.Rows)
{
cmd = new NpgsqlCommand(NpgsqlCommandUpdate.ToString(), con);
cmd.Parameters.Clear();
foreach (DataColumn col in dataTable.Columns)
cmd.Parameters.AddWithValue("@" + col.ColumnName, row[col]);
Result = cmd.ExecuteNonQuery().ToString();
}
}
}
catch (Exception)
{
Result = "-1";
}
return Result;
}