3

I want to insert Unicode letters I have already tried changing the data types to nvarchar(max) and my select statement is

string str = "insert into Table1( (N'title), datee, post, cat, imageurl) values  ('" + TextBox1.Text + "','" + DateTime.Now.ToShortDateString() + "','" + TextBox2.Text + "','" + DropDownList1.SelectedItem.Text + "','" + path+"')";`
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
coderoaq
  • 39
  • 1
  • 1
  • 9
  • 6
    Just a tip: Use parameterized queries. – jAC May 12 '13 at 15:45
  • @JanesAbouChleih can show me – coderoaq May 12 '13 at 15:46
  • Related Question : http://stackoverflow.com/questions/1350968/how-to-insert-unicode-text-to-sql-server-from-query-window – cvraman May 12 '13 at 15:47
  • Check the following post. It has your answer. [How to insert arabic characters into sql database?][1] [1]: http://stackoverflow.com/questions/2881682/how-to-insert-arabic-characters-into-sql-database – Emmanouil Chountasis May 12 '13 at 15:47
  • @user2351986 I don't know which driver you use to access the database. But mostly it's something like: `SQLParameter myParam = new SQLParameter(); myParam.DBType = DBType.VARCHAR; myParam.Value = xyz; myCommand.Parameter.Add(myParam);` – jAC May 12 '13 at 15:56

1 Answers1

5

You should always use parametrized queries to avoid SQL injection attacks. Parameters also give you the ability to explicitly define what data types and which length you want. Furthermore, by using parameters, you don't need to fiddle with lots of single and double quotes and so forth - the code becomes much cleaner and easier to read - and you avoid a lot of errors, too!

Try code something like this:

// define your INSERT statement with PARAMETERS
string insertStmt = "INSERT INTO dbo.Table1(title, datee, post, cat, imageurl) " +
                    "VALUES(@title, @datee, @post, @cat, @imageurl)";

// define connection and command
using(SqlConnection conn = new SqlConnection(yourConnectionStringHere))
using (SqlCommand cmd = new SqlCommand(insertStmt, conn))
{
     // define parameters and set their values
     cmd.Parameters.Add("@title", SqlDbType.NVarChar, 100).Value = TextBox1.Text.Trim();
     cmd.Parameters.Add("@datee", SqlDbType.DateTime).Value = DateTime.Now;
     cmd.Parameters.Add("@post", SqlDbType.NVarChar, 100).Value = TextBox2.Text.Trim();
     cmd.Parameters.Add("@cat", SqlDbType.NVarChar, 100).Value = DropDownList1.SelectedItem.Text.Trim();
     cmd.Parameters.Add("@imageurl", SqlDbType.NVarChar, 250).Value = path;

     // open connection, execute query, close connection
     conn.Open();
     int rowsInserted = cmd.ExecuteNonQuery();
     conn.Close();
}
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459