求求高手,看看我这个插入语句有什么问题
SqlCommand cmd = new SqlCommand("INSERT INTO UserInfo(UserName,UserPwd) values('" + uName + "," + uPwd + "')", sqlConn); --------------------编程问答-------------------- 何谓可以。能运行还是安全性? --------------------编程问答-------------------- SqlCommand cmd = new SqlCommand("INSERT INTO UserInfo(UserName,UserPwd) values('" + uName + "','" + uPwd + "')", sqlConn); --------------------编程问答-------------------- 楼上正解,values('"+xxxx+"' , '"xxxxxx"') --------------------编程问答-------------------- s('" + uName + "','" + uPwd + "')字符串要加单引号 --------------------编程问答-------------------- SqlCommand cmd = new SqlCommand("INSERT INTO UserInfo(UserName,UserPwd) values('" + uName + "','" + uPwd + "')", sqlConn); --------------------编程问答--------------------
正解。 SQL语句的标点要注意全角和半角
补充:.NET技术 , ASP.NET