如何将数据插入数据库? - 用户定义的类
[英]How to Insert Data to the Database? - User Defined Classes
问题描述
I'm Experimenting with databases and I'm finding different methods to optimize my codes. 
我正在试验数据库,我正在寻找不同的方法来优化我的代码。 Here I'm using a different class to stop re writing the same codes such as for add, Delete and update we use the same ExecuteNonQuery() method. 在这里,我使用不同的类来停止重写相同的代码,例如添加,删除和更新,我们使用相同的ExecuteNonQuery()方法。 So far Update delete methods worked well except the Insert. 到目前为止,除了Insert之外,Update删除方法运行良好。 Compiler doesn't give any errors but the values taken from the text boxes doesn't go to the variable string query. 编译器不会给出任何错误,但从文本框中获取的值不会转到变量字符串查询。 I'm new to c# coding. 我是c#编码的新手。 Can anyone help me? 谁能帮我? or an advice? 还是建议?
using DBconnectionExercise.DBConnection_Components;
namespace DBconnectionExercise
{
public partial class Student_Form : Form
{
DBComps dc = new DBComps();
//public string constring;
//public SqlConnection con = null;
//public SqlCommand com = null;
public String query;
public Student_Form()
{
InitializeComponent();
//constring = "Data Source=ASHANE-PC\\ASHANESQL;Initial Catalog=SchoolDB;Integrated Security=True";
//con = new SqlConnection(constring);
dc.ConnectDB();
}
private void Form1_Load(object sender, EventArgs e)
{
loadGridData();
}
private void dtp_dob_ValueChanged(object sender, EventArgs e)
{
DateTime Now = DateTime.Today;
DateTime Dob = dtp_dob.Value.Date;
int a = Now.Year - Dob.Year;
if (Now < Dob.AddYears(a)) a--;
tb_Age.Text = a.ToString();
}
private void loadGridData()
{
try
{
query = "Select * from tb_Student";
//dc.OpenCon();
//SqlDataAdapter da = new SqlDataAdapter(query, con);
DataTable dt1 = new DataTable();
dt1 = dc.Data_Table(query);
//da.Fill(dt);
Stu_DataGrid.DataSource = dt1;
//con.Close();
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
private void ClearData()
{
tb_Name.Clear();
tb_Address.Clear();
tb_Telno.Clear();
tb_Search.Clear();
tb_Age.Clear();
dtp_dob.Value = DateTime.Today;
}
private void btn_Add_Click(object sender, EventArgs e)
{
try
{
String name = tb_Name.Text;
DateTime dob = dtp_dob.Value.Date;
int age = Convert.ToInt32(tb_Age.Text);
String Address = tb_Address.Text;
int telno = Convert.ToInt32(tb_Telno.Text);
int line = 0;
//con.Open();
query = "Insert into tb_Student values(@Stu_Name, @Stu_DOB, @Age, @Stu_Address, @Stu_Tel_no)";
//query = "Insert into tb_Student (Stu_Name, Stu_DOB, Age, Stu_Address, Stu_Tel_no) Values('" + name + "','" + dob + "','" + age + "','" + Address + "','" + telno + "')";
MessageBox.Show(query);
//com = new SqlCommand(query, con);
// This is the Insert/save code
DBComps.com.Parameters.AddWithValue("@Stu_Name", name);
DBComps.com.Parameters.AddWithValue("@Stu_DOB", dob);
DBComps.com.Parameters.AddWithValue("@Age", age);
DBComps.com.Parameters.AddWithValue("@Stu_Address", Address);
DBComps.com.Parameters.AddWithValue("@Stu_Tel_no", telno);
//line = com.ExecuteNonQuery();
line = dc.ExeNonQuery(query);
//com.Dispose();
//con.Close();
if (line > 0)
{
loadGridData();
ClearData();
MessageBox.Show("Data saved sucessfully!", "Data Saved", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
MessageBox.Show("Data not Saved", "Error Save", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
catch(Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
This is the DBComps class which I used to write the Sql Function methods. 这是我用来编写Sql Function方法的DBComps类。
namespace DBconnectionExercise.DBConnection_Components
{
public class DBComps
{
public String conSring;
public SqlConnection con = null;
public static SqlCommand com = null;
public void ConnectDB()
{
conSring = "Data Source=ASHANE-PC\\ASHANESQL;Initial Catalog=SchoolDB;Integrated Security=True";
con = new SqlConnection(conSring);
}
public void OpenCon()
{
con.Open();
}
public void CloseCon()
{
con.Close();
}
public int ExeNonQuery(String query) //the method for Insert, update and delete.
{
int line = 0;
OpenCon();
com = new SqlCommand(query, con);
line = com.ExecuteNonQuery();
com.Dispose();
CloseCon();
return line;
}
}
}
2 个解决方案
解决方案1
2 2015-06-19 16:54:45
This is really really bad way of talking to database, its hackable using SQL injection and since you are learning, its right time to point this out: 这是与数据库交谈的非常糟糕的方式,它可以使用SQL注入进行攻击,并且因为你正在学习,所以正确的时间指出这一点:
query = "Insert into tb_Student values('"+ name +"','"+ dob +"','"+ age +"','"+ Address +"','"+ telno +"')";
read up on sql injection as to why and how, and look for best practices to find out better ways . 阅读sql注入的原因和方法,并寻找最佳实践以找到更好的方法。
解决方案2
1 已采纳 2015-06-17 17:08:53
OK finally I came up with the Answer to my question as I expected. 好吧最后我按照我的预期想出了我的问题的答案。 Here how to do this; 这里怎么做;
private void btn_Add_Click(object sender, EventArgs e)
{
try
{
String name = tb_Name.Text;
DateTime dob = dtp_dob.Value.Date;
int age = Convert.ToInt32(tb_Age.Text);
String Address = tb_Address.Text;
int telno = Convert.ToInt32(tb_Telno.Text);
int line = 0;
query = "Insert into tb_Student values('"+ name +"','"+ dob +"','"+ age +"','"+ Address +"','"+ telno +"')";
MessageBox.Show(query); //To see it works!
line = dc.ExeNonQuery(query);
if (line > 0)
{
loadGridData();
ClearData();
MessageBox.Show("Data saved sucessfully!", "Data Saved", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
MessageBox.Show("Data not Saved", "Error Save", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
catch(Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
Always remember to write the query statement variables/values exactly as to coincide with the table headers. 永远记住要完全写入查询语句变量/值,以便与表头一致。 Otherwise it will generate errors. 否则会产生错误。 Thanks everyone for helping with this question! 谢谢大家帮忙解决这个问题! :-) :-)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.