如何使用Winforms C#在数据库多个表中插入记录
[英]How do I Insert records in database multiple Tables using winforms c#
问题描述
I have a winform which i have attached here.. When i Insert record in Customer table, I also want to add the record in the orderlineitems table in my database as of which the record in the Order table will also be inserted. 
我在这里附加了一个winform。.当我在Customer表中插入记录时,我也想在数据库的orderlineitems表中添加记录,从该表中也将插入Order表中的记录。 I have inserted the record in Customer table but when i insert record in OrderLineItems table, it shows an error. 我已经在“客户”表中插入了记录,但是当我在“ OrderLineItems”表中插入记录时,它显示了错误。
I also wanted to ask that, my OrderLineItems Table in database contains columns as : 我还想问一下,数据库中的OrderLineItems表包含以下列:
- ID(pk) 编号(pk)
- OrderID(pk) 订单ID(pk)
- Quantity 数量
- Particular 特定
- Rates 费率
- Status 状态
On my Form, I have only quantity, particular and rates fields from which i can get their values but i dont have Status and Orderid values on my winform. 在我的表格上,我只有数量,详细信息和费率字段,可以从中获取其值,但我的Winform上没有Status和Orderid值。 how do i get the values of status and orderId then? 我如何获取status和orderId的值呢?
My Code is: 我的代码是:
private void buttonInsert_Click(object sender, EventArgs e)
{
string SQL = String.Format("Insert into Customer values ('{0}','{1}','{2}')", textBoxName.Text, textBoxContactNo.Text, textBoxAddress.Text);
//string SQL1 = String.Format("Insert into Order values ({0},'{1}','{2}',{3})",);
DataManagementClass dm = new DataManagementClass();
int result = dm.ExecuteActionQuery(SQL);
if (result > 0)
{
for (int i = 0; i < recordsDataGridView.RowCount ; i++)
{
string query = String.Format("Insert into OrderLineItems values({0},'{1}','{2}','{3}',{4})",7,QuantityColumn, ParticularColumn, RatesColumn,1);
dm.ExecuteActionQuery(query);
}
//string query = String.Format("Insert into OrderLineItems values ('{0}','{1},'{2}'
}
What am i doing wrong here. 我在这里做错了什么。 please guide me the correct way. 请以正确的方式指导我。 Thanx.. 谢谢
2 个解决方案
解决方案1
2 2011-09-28 19:55:35
Suggest a few enhancements to get your business logic working and maintainable: 建议一些增强功能,以使业务逻辑正常运行和可维护:
- write a stored procedure for your
CreateCustomerandCreateLineItemroutines in your database.在数据库中为CreateCustomer和CreateLineItem例程编写存储过程。 - use a SqlCommand and its Parameters collection. 使用SqlCommand及其参数集合。 Stop whatever you're doing right now and guard against SQL injection. 停止当前正在执行的任何操作,并防止SQL注入。
- remove all this code from the button click event. 从按钮单击事件中删除所有这些代码。
- create new methods like
CreateCustomerandCreateLineItems.创建新方法,例如CreateCustomer和CreateLineItems。 Call these method from your button click handler method.从按钮单击处理程序方法中调用这些方法。
private void buttonInsert_Click(object sender, EventArgs e)
{
int result = CreateCustomer(textBoxName.Text.Trim(),
textBoxContactNo.Text.Trim(),
textBoxAddress.Text.Trim());
if (result > 0)
{
foreach(var row in recordsDataGridView.Rows)
{
CreateLineItem(quantity, particulars, rates);
}
}
解决方案2
1 2011-09-28 19:55:35
You are inserting values like this: '{1}','{2}','{3}' 您正在插入这样的值:'{1}','{2}','{3}'
This leads me to assume you are inserting string values. 这使我假设您要插入字符串值。
If there is an apostroph in your string values, it will cause a syntax error. 如果您的字符串值中存在撇号,则将导致语法错误。
Try 尝试
yourstring.replace("'", "''")
on the arguments. 论据。
Also, do as p.campbell suggest.. 另外,按照坎贝尔的建议进行。
Use parameters to prevent SQL injection.. 使用参数来防止SQL注入。
Somebody might malicously take advantage of your code's open security holes.. 有人可能会恶意利用您代码的开放安全漏洞。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.