[英]Retrieving ID from table C#
I want to retrieve the 'ReceiverID' from the 'Receiver' table when inserting a 'Cname' and place the ID into Visitor while I am filling the Visitor table.我想在插入“Cname”时从“Receiver”表中检索“ReceiverID”,并在填写“访问者”表时将 ID 放入“访问者”中。 How can i retrieve this ID?
我怎样才能找回这个ID? i can find it in my database but I want it to auto.
我可以在我的数据库中找到它,但我希望它自动。 fill in the Visitor table.
填写访客表。 (Im new to all of this)
(我对这一切都很陌生)
try
{
string connStr = ConfigurationManager.ConnectionStrings["ParkingBase"].ConnectionString;
using (SqlConnection connection = new SqlConnection(connStr))
{
connection.Open();
SqlCommand cmd = connection.CreateCommand();
cmd.CommandType = CommandType.Text;
string Cname = TxtCname.Text;
string FirstName = TxtFname.Text;
string MiddleName = TxtMname.Text;
string LastName = TxtLname.Text;
string PhoneNumber = TxtPhoneNumber.Text;
//(some variable for ReceiverID)
cmd.CommandText = "INSERT INTO Receiver(Cname) " +
"values('" + Cname + "')";
cmd.ExecuteNonQuery();
cmd.CommandText = "INSERT INTO Visitor(FirstName, MiddleName, LastName, PhoneNumber,ReceiverID)" +
"values('" + FirstName + "', '" + MiddleName + "', '" + LastName + "', '" + PhoneNumber + "','"ReceiverID"')";
cmd.ExecuteNonQuery();
connection.Close();
}
}
catch (Exception)
{
throw;
}
}`
You should write a parameterized query appending the SELECT SCOPE_IDENTITY() after the first insert.您应该编写一个参数化查询,在第一次插入后附加 SELECT SCOPE_IDENTITY()。 With simple queries like these there is no need to write a stored procedure and having two points to worry for maintenance.
使用这样的简单查询,无需编写存储过程,也无需担心维护的两点。
cmd.CommandText = "INSERT INTO Receiver(Cname) values(@cname);
SELECT SCOPE_IDENTITY()";
cmd.Parameters.Add("@cname", SqlDbType.NVarChar).Value = cName;
int receiverID = Convert.ToInt32(cmd.ExecuteScalar));
Now you can write the second insert statement (again using a parameterized query)现在您可以编写第二个插入语句(再次使用参数化查询)
cmd.Parameters.Clear();
cmd.CommandText = @"INSERT INTO Visitor
(FirstName, MiddleName, LastName, PhoneNumber,ReceiverID)
values(@first, @middle, @last,@phone,@receiver)";
cmd.Parameters.Add("first", SqlDbType.NVarChar).Value = FirstName;
....
cmd.Parameters.Add("receiver", SqlDbType.Int).Value = receiverID;
cmd.ExecuteNonQuery();
you can change your comment test and use scope identity after insert and then you use ExecuteScalar() to get this id .您可以在插入后更改评论测试并使用范围标识,然后使用 ExecuteScalar() 获取此 id 。 Better to use SP in such case.
在这种情况下最好使用 SP。
/// change here
cmd.CommandText = "INSERT INTO Receiver(Cname) " +
"values('" + Cname + "') ;select SCOPE_IDENTITY()";
var newID= Convert.ToInt32( cmd.ExecuteScalar());
--- better solution suggested by Steve is below -- I didnt tested this but this is approach .
using (var cmd = new SqlCommand(@"INSERT INTO Receiver(Cname) VALUES (@cname)", conn))
{
cmd.Parameters.AddRange(
new[]
{
new SqlParameter(@"cname", SqlDbType.VarChar).Value = cname
});
conn.Open();
cmd.ExecuteNonQuery();
}
Your code is insanely vulnerable to SQLInjection attack - someone is able to type into your textboxes SQL and have it executed on your database.您的代码非常容易受到SQLInjection攻击 - 有人能够在您的文本框中输入 SQL 并在您的数据库上执行它。
You can fix this, and your actual question by converting everything to a stored procedure, or using parameterized queries.您可以通过将所有内容转换为存储过程或使用参数化查询来解决此问题以及您的实际问题。
To get an identity back after an insert you use SCOPE_IDENTITY()
method.要在插入后取回身份,您可以使用
SCOPE_IDENTITY()
方法。
Your stored proc would look something like this (Note i dont know your data types so im guessing a bit):你存储的过程看起来像这样(注意我不知道你的数据类型所以我猜了一下):
CREATE PROC dbo.InsertVisitor
@CName NVARCHAR(100),
@FName NVARCHAR(100),
@MName NVARCHAR(100),
@LName NVARCHAR(100),
@PhoneNumber NVARCHAR(100)
AS
BEGIN
DECLARE @receiverId INT
INSERT INTO Cname (Receiver) VALUES (@CName)
SET @receiverId = SCOPE_IDENTITY();
INSERT INTO Visitor (FirstName, MiddleName, LastName, PhoneNumber,ReceiverID)
VALUES(@FName,@MName,@LName,@PhoneNumber,@receiverId)
END
Changes to your code are simply converting to call a stored proc instead of inline sql对代码的更改只是转换为调用存储过程而不是内联 sql
SqlCommand cmd = connection.CreateCommand();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "dbo.InsertVisitor";
cmd.Parameters.Add("@CName",SqlDbType.NVarChar).Value = TxtCname.Text;
// snip.. other parameters
cmd.ExecuteNonQuery();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.