Wie man einen Einfügebefehl dynamisch von Datatable in C#

Question

erzeugt Ich stehe vor einem Problem mit einer SQL-Insert-Anweisung dynamisch aus einem DataTable-Objekt in C#. Ich möchte die besten Praktiken kennen, um es zu machen. Hier ist mein Code-Schnipsel, ich habe es bisher versucht.

String sqlCommandInsert = "INSERT INTO dbo.RAW_DATA("; 
String sqlCommandValue = ""; 
foreach (DataColumn dataColumn in dataTable.Columns) 
{ 
    sqlCommandInsert += dataColumn + ","; 
} 
sqlCommandInsert += sqlCommandInsert.TrimEnd(','); 

sqlCommandInsert += ") VALUE("; 

for (int i = 0; i < dataTable.Rows.Count; i++) 
{ 
    sqlCommandValue += "'" + dataTable.Rows[i].ItemArray[i] + "',"; 
} 

var insertCommand = sqlCommandInsert; 
sqlCommandValue = sqlCommandValue.TrimEnd(','); 

var command = insertCommand + sqlCommandValue + ")"; 
dataContext.Database.ExecuteSqlCommand(command); 

Jeder Vorschlag würde geschätzt :) Grüße.

Answer 1

Verwenden Sie VALUES anstelle von VALUE. Abgesehen davon, dass Sie immer SQL-Parameter verwenden sollten: do

string columns = string.Join("," 
    , dataTable.Columns.Cast<DataColumn>().Select(c => c.ColumnName)); 
string values = string.Join("," 
    , dataTable.Columns.Cast<DataColumn>().Select(c => string.Format("@{0}", c.ColumnName))); 
String sqlCommandInsert = string.Format("INSERT INTO dbo.RAW_DATA({0}) VALUES ({1})" , columns, values); 

using(var con = new SqlConnection("ConnectionString")) 
using (var cmd = new SqlCommand(sqlCommandInsert, con)) 
{ 
    con.Open(); 
    foreach (DataRow row in dataTable.Rows) 
    { 
     cmd.Parameters.Clear(); 
     foreach (DataColumn col in dataTable.Columns) 
      cmd.Parameters.AddWithValue("@" + col.ColumnName, row[col]); 
     int inserted = cmd.ExecuteNonQuery(); 
    } 
} 

Answer 2

## Dynamic Update Query from Datatable with Npgsql## 
    public string UpdateExecute(DataTable dataTable, string TableName) 
{ 

    NpgsqlCommand cmd = null; 
    string Result = String.Empty; 

    try 
    {    

     if (dataTable.Columns.Contains("skinData")) dataTable.Columns.Remove("skinData"); 
     string columns = string.Join(",", dataTable.Columns.Cast<DataColumn>().Select(c => c.ColumnName)); 

     string values = string.Join(",", dataTable.Columns.Cast<DataColumn>().Select(c => string.Format("@{0}", c.ColumnName))); 

     StringBuilder sqlCommandInsert = new StringBuilder(); 
     sqlCommandInsert.Append("Update " + TableName + " Set "); 

     string[] TabCol = columns.Split(','); 
     string[] TabVal = values.Split(','); 

     for (int i = 0; i < TabCol.Length; i++) 
     { 
      for (int j = 0; j < TabVal.Length; j++) 
      { 
       sqlCommandInsert.Append(TabCol[i] +" = "+ TabVal[i] + ","); 
       break; 
      } 
     } 
     string NpgsqlCommandUpdate= sqlCommandInsert.ToString().TrimEnd(','); 
     NpgsqlCommandUpdate += (" where " + TabCol[0] + "=" + TabVal[0]); 


     using (var con = new NpgsqlConnection("Server=localhost;Port=5432;uid=uapp;pwd=Password;database=Test;")) 
     { 
      con.Open(); 
      foreach (DataRow row in dataTable.Rows) 
      { 
       cmd = new NpgsqlCommand(NpgsqlCommandUpdate.ToString(), con); 
       cmd.Parameters.Clear(); 
       foreach (DataColumn col in dataTable.Columns) 
        cmd.Parameters.AddWithValue("@" + col.ColumnName, row[col]); 

       Result = cmd.ExecuteNonQuery().ToString(); 
      } 
     } 
    } 
    catch (Exception) 
    { 
     Result = "-1"; 
    } 
    return Result; 
}