c# - テキストエリアからSQL Server 2008で複数の行を保存する方法は?

Question

テキスト領域からSQL Server 2008で複数の行を保存する方法??

<textarea runat="server" rows="5" cols="70"  id="commentarea"  
          name="commentarea"  style="margin-left: 197px" ></textarea>

<asp:Button ID="Button1" runat="server" style="margin-left: 287px" 
            Text="Comment" onclick="Button1_Click" />

C# コード:

ConnectionStringSettings pubs = ConfigurationManager.ConnectionStrings["RegConnectionString"];

SqlConnection connection = new SqlConnection(pubs.ConnectionString);

SqlCommand cmd = connection.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "INSERT INTO CommentTable (Comment) values( '" + commentarea.InnerText+"')";

connection.Open();
cmd.ExecuteNonQuery();
connection.Close();

Answer 1

これを行わないでください。パラメータ化されたクエリを使用してください

ConnectionStringSettings pubs = ConfigurationManager.ConnectionStrings["RegConnectionString"];
    SqlConnection connection = new SqlConnection(pubs.ConnectionString);
    SqlCommand cmd = connection.CreateCommand();
    cmd.CommandType = CommandType.Text;
    cmd.CommandText = "INSERT INTO CommentTable (Comment) values(@Text )";
cmd.Parameters.AddWithValue("@Text", acommentarea.InnerText);
    connection.Open();
    cmd.ExecuteNonQuery();
    connection.Close();