问题描述

我对以下问题感到困惑；

I am confused by the following issue;

我有一个 C# (WindowsForms) 应用程序，我连接到 SQL Server 数据库，并且在我开始使用数字数据之前，插入、选择、更新都没有问题；

I have a C# (WindowsForms) application which I connect to a SQL Server DB and have no problem to INSERT, SELECT, UPDATE... until I started to work with numerical data;

此应用程序的目的是管理员工、他们的合同、工作费率、合同期限、小时费率......并用它来做一些有趣的计算，没什么魔法.

Purpose of this application is to manage employees, their contracts, rate of work, contracts durations, hourly rates... and do some funny calculations with that, nothing magic.

基本上，我需要在我的数据库中存储一些格式为0000,0000"的值(十进制?双精度?浮点数?).

Basically, I need to store some values (decimal? double? float?) with the format "0000,0000" in my DB.

• 在我的数据库中，我已将我的表设置为我需要将这些000,0000"值设为十进制的所有列

• In my DB, I have set my table with all columns where I require these "000,0000" values to decimal

在我的表单中，我没有为我的文本框指定任何特定属性，

In my forms, I haven't specified any specific properties to my textboxes,

为了插入，我使用了我定义了十进制参数的方法

To insert I use a method for which I defined decimal arguments

    public void createNewContract(int employeeId, string agency, string role, string contractType, string startDate,
    string endDate, string lineManager, string reportTo, string costCenter, string functionEng, string atrNo, string atrDate, string prNo, string prDate,
    string poNo, string poDate, string comments, decimal duration, decimal workRatePercent, string currency, decimal hourlyRate, decimal value)
{
    if (conn.State.ToString() == "Closed")
    {
        conn.Open();
    }
    SqlCommand newCmd = conn.CreateCommand();
    newCmd.Connection = conn;
    newCmd.CommandType = CommandType.Text;
    newCmd.CommandText = "INSERT INTO tblContracts (CreatedById, CreationDate, EmployeeId, Role, ContractType, StartDate, "
    + "EndDate, Agency, LineManager, ReportTo, CostCenter, FunctionEng, AtrNo, AtrDate, PrNo, PrDate, PoNo, PoDate, Comments, Duration, WorkRatePercent, Currency, HourlyRate, Value)"
    + "VALUES ('" + connectedUser.getUserId() + "','" + DateTime.Now.ToString("dd/MM/yyyy hh:mm:ss") + "','" + employeeId + "','" + role + "','" + contractType
    + "','" + startDate + "','" + endDate + "','" + agency + "','" + lineManager + "','" + reportTo + "','" + costCenter + "','" + functionEng + "','" + atrNo + "','" + atrDate + "','" + prNo
     + "','" + prDate + "','" + poNo + "','" + poDate + "','" + comments + "','" + duration + "','" + workRatePercent + "','" + currency + "','" + hourlyRate + "','" + value + "')";
    newCmd.ExecuteNonQuery();
    MessageBox.Show("Contract has been successfully created", "Completed", MessageBoxButtons.OK, MessageBoxIcon.Information);
}

(通过这种方法，我只需要插入00,0000作为持续时间(nb小时)，工作率百分比，每小时费率(货币货币)和价值(货币货币))

(through this method, I only need to insert as 00,0000 a duration (nb hours), workrate percentage, an hourly rate (money in a currency) and a value (money in a currency))

• 为了捕获我的文本框值并通过我的方法createNewContrat"发送它们，我尝试过Convert.ToDecimal(this.txtDuration.Text) 和许多其他对我来说似乎不错的东西，但我无法理解机制，我当然没有使用最实用/最聪明的解决方案......

我不断收到以下错误；

System.FormatException: Le format de la chaîne d'entrée est 不正确.= 输入/输入字符串的格式不正确
à System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)
à System.Number.ParseDecimal(String value, NumberStyles options, NumberFormatInfo numfmt)
à System.Convert.ToDecimal(String value)

你会推荐什么?

推荐答案

首先，在处理SqlConnection和SqlCommandusing> 和所有其他实现 IDisposable 的类只需阅读更多相关信息..

First of all, Always use using when dealing with SqlConnection and SqlCommand and all other classes that implements IDisposable just read more about it..

第二件事，始终将参数与 SqlCommand 一起使用，并且永远不要将值作为字符串传递给 sql 字符串.这是一个严重的安全问题.除了这些参数之外，还可以让您的代码人性化！

Second thing, Always use parameters with SqlCommand and never pass the values as a string to the sql string. This is a serious security issue. In addition to that parameters makes your code human friendly!

// Always use (using) when dealing with Sql Connections and Commands
using (sqlConnection conn = new SqlConnection())
{
    conn.Open();

    using (SqlCommand newCmd = new SqlCommand(conn))
    {
        newCmd.CommandType = CommandType.Text;

        newCmd.CommandText = 
              @"INSERT INTO tblContracts (CreatedById, CreationDate, EmployeeId, Role, ContractType, StartDate, EndDate, Agency, LineManager, ReportTo, CostCenter, FunctionEng, AtrNo, AtrDate, PrNo, PrDate, PoNo, PoDate, Comments, Duration, WorkRatePercent, Currency, HourlyRate, Value) 
              VALUES (@UserID, @CreationDate, @EmployeeID, @Role.....etc)";

        // for security reasons (Sql Injection attacks) always use parameters
        newCmd.Parameters.Add("@UserID", SqlDbType.NVarChar, 50)
             .Value = connectedUser.getUserId();

        newCmd.Parameters.Add("@CreationDate", SqlDbType.DateTime)
             .Value = DateTime.Now;

        // To add a decimal value from TextBox
        newCmd.Parameters.Add("@SomeValue", SqlDbType.Decimal)
             .Value = System.Convert.ToDecimal(txtValueTextBox.Text);

        // complete the rest of the parameters
        // ........

        newCmd.ExecuteNonQuery();

        MessageBox.Show("Contract has been successfully created", "Completed", MessageBoxButtons.OK, MessageBoxIcon.Information);
    }
}

这篇关于从文本框值插入数字(十进制)数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！