堆栈内存溢出
  简体   繁体   English

如何根据用户提供的输入形成sql查询

[英]How to form sql query based on the input provided by the user

 原文  2016-04-30 06:54:56       mysql/ asp.net

问题描述

I'm making a create user page in which users are created by admin. 我正在创建一个由admin创建用户的创建用户页面。 In that page 6 fields are mandatory and 4 fields are optional. 在该页面中,6个字段是必填字段,4个字段是可选字段。

I'm having difficulty in writing sql query according to the input provided by the admin. 我在根据管理员提供的输入编写sql查询时遇到困难。 Firstly i have to check which inputs are provided by the admin and then i have to run query according to that. 首先,我必须检查管理员提供的输入,然后根据该命令运行查询。 Values entered by admin are assigned to properties and then queries are build according to values present in properties. 将admin输入的值分配给属性,然后根据属性中存在的值构建查询。

I'm using very inefficient code right now. 我现在正在使用效率很低的代码。 It's running fine but it can be better. 它运行良好,但可能会更好。

My insert data code is: 我的插入数据代码是: 

public void InsertData()
    {
        try
        {
            var cn = ConfigurationManager.AppSettings["SGSDataBase_CN"];
            con = new SqlConnection(cn);
            con.Open();

            com = new SqlCommand();
            com.Connection = con;
            com.CommandType = CommandType.Text;

            if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
            {

                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.ExecuteNonQuery();
            }

            else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.ExecuteNonQuery();
            }

            else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @MobileNo)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @MobileNo, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth, @MobileNo, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @MobileNo, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                //com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                //com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                //com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }


            else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @MobileNo)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                //com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();

            }

            else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin,DateOfBirth, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin,@DateOfBirth, @MobileNo)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                //com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                //com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @MobileNo)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                //com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }


            else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                //com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }


            else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                //com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @MobileNo, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.ExecuteNonQuery();
            }
        }
        catch (Exception ex)
        {
            throw ex;
        }
        finally
        {
            if (com != null)
                com.Dispose();

            if (con != null)
                con.Dispose();

            com = null;
            con = null;
        }

    }

Please suggest efficient way to perform this action. 请提出执行此操作的有效方法。

Thanks in advance 提前致谢

1 个解决方案

解决方案1
 0 已采纳  2016-04-30 08:27:39

Without writing everything out this would be the idea: 如果不把所有内容都写出来,那就是这个想法:

Declare empty variables: 声明空变量: 

int UserId = 0;
string userName = "";

Fill variables with your data (assuming you are using a function?): 用数据填充变量(假设您正在使用函数?): 

private void function(int id, string name, ...further params...) {
    int UserId = 0;
    string userName = "";

    UserId = (id!=null) ? id : 0; /*Shorthand if statement to handle null values*/
    userName = name;
    /*further params*/

Add to query: 添加到查询: 

private void function(int id, string name ...further params...) {
    int UserId = 0;
    string userName = "";

    int UserID = id;
    string userName = name;
    /*further params*/

    com.CommandText = "INSERT INTO dms.Users_Table (all of your columns here) VALUES (@UserID, @UserName, ...all params declared above...)";
    com.Parameters.AddWithValue("@UserID", UserID);
    com.Parameters.AddWithValue("@UserName", userName);
    /*further adding*/
}

Having looked around I found that using .add().value is better than .AddWithValue so maybe take a look into change this as well 环顾四周后,我发现使用.add().value.AddWithValue更好,因此也许也可以考虑对此进行更改

.add() would be com.Parameters.Add("@UserID", SqlDbType.Int).value = UserID; .add()com.Parameters.Add("@UserID", SqlDbType.Int).value = UserID;

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 根据表单中的用户输入,很难更改PHP文档中的SQL查询 - Difficulty changing SQL query in PHP document based on user input from form 用户提供的输入SQL转义 - User provided input SQL-escaping 查询SQL表以根据用户输入返回同一行的值 - Query an SQL table to return the value of the same row based on user input 根据用户输入选择正确的SQL查询 - Choosing the correct SQL query based off user input 基于 Java 中的用户输入构建动态 SQL 查询 - Building a dynamic SQL query based on user input in Java laravel:如何在SQL中运行查询以供用户输入? - laravel : How to run query for user input in sql? MySQL查询基于用户输入 - MySQL query based on user input MySQL ProgrammingError 在简单的 SELECT 查询与用户提供的输入 - MySQL ProgrammingError on simple SELECT query with user-provided input 根据HTML表单中的用户输入从SQL数据库表中检索列 - Retrieve Columns from SQL Database Table Based on User Input in HTML Form php mysql基于用户输入表单 - php mysql based on user input form
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM