0
問題出在可變小時,當我嘗試在CmdString
中使用時引發異常。我不明白爲什麼在變量小時是字符串時拋出異常。我怎麼解決這個問題。我在這裏錯過了什麼。將varchar值「..」轉換爲數據類型int時的轉換失敗
string ConString = ConfigurationManager.ConnectionStrings["DbSystem"].ConnectionString;
string CmdString = string.Empty;
DateTime time = DateTime.Now;
string hour = time.Hour.ToString();
using (SqlConnection con = new SqlConnection(ConString))
{
string folderName = DateTime.Now.Day.ToString() + "-" + DateTime.Now.Month.ToString() + "-" + DateTime.Now.Year.ToString();
string folder = Path.Combine(FOLDER_FOR_BACKUP_FILES);
Directory.CreateDirectory(FOLDER_FOR_BACKUP_FILES);
CmdString = @"declare @fileName varchar(100); declare @dbName varchar(100); declare @fileDate varchar(20); set @fileName = '" + folder + @"\'; set @dbName = 'DbSystem'; set @fileDate = convert(varchar(20), getdate(), 105); set @fileName = @fileName + @dbName + ' ' + @fileDate + '-' + " + hour + @" + '.bak'; backup database @dbName to disk = @fileName;";
SqlCommand cmd = new SqlCommand(CmdString, con);
SqlDataAdapter sda = new SqlDataAdapter(cmd);
DataTable dt = new DataTable("*");
sda.Fill(dt);
}
您應該使用參數化查詢,而不是像SQL注入那樣構建您的命令字符串!看看這裏的答案:http://stackoverflow.com/questions/7505808/using-parameters-in-sql-statements – CeOnSql