stackoom
  简体   繁体   中英

How to form sql query based on the input provided by the user

 原文  2016-04-30 06:54:56       mysql/ asp.net

Question

I'm making a create user page in which users are created by admin. In that page 6 fields are mandatory and 4 fields are optional.

I'm having difficulty in writing sql query according to the input provided by the admin. Firstly i have to check which inputs are provided by the admin and then i have to run query according to that. Values entered by admin are assigned to properties and then queries are build according to values present in properties.

I'm using very inefficient code right now. It's running fine but it can be better.

My insert data code is: 

public void InsertData()
    {
        try
        {
            var cn = ConfigurationManager.AppSettings["SGSDataBase_CN"];
            con = new SqlConnection(cn);
            con.Open();

            com = new SqlCommand();
            com.Connection = con;
            com.CommandType = CommandType.Text;

            if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
            {

                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.ExecuteNonQuery();
            }

            else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.ExecuteNonQuery();
            }

            else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @MobileNo)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @MobileNo, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth, @MobileNo, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @MobileNo, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                //com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                //com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                //com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }


            else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @MobileNo)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                //com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();

            }

            else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin,DateOfBirth, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin,@DateOfBirth, @MobileNo)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                //com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                //com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @MobileNo)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                //com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }


            else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                //com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                //com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }


            else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                //com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @MobileNo, @Email)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
                //com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
                com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
                com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
                com.ExecuteNonQuery();
            }

            else
            {
                com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin)";
                com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
                com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
                com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
                com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
                com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
                com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
                com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
                com.ExecuteNonQuery();
            }
        }
        catch (Exception ex)
        {
            throw ex;
        }
        finally
        {
            if (com != null)
                com.Dispose();

            if (con != null)
                con.Dispose();

            com = null;
            con = null;
        }

    }

Please suggest efficient way to perform this action.

Thanks in advance

1 answers

solution1
 0 ACCPTED  2016-04-30 08:27:39

Without writing everything out this would be the idea:

Declare empty variables: 

int UserId = 0;
string userName = "";

Fill variables with your data (assuming you are using a function?): 

private void function(int id, string name, ...further params...) {
    int UserId = 0;
    string userName = "";

    UserId = (id!=null) ? id : 0; /*Shorthand if statement to handle null values*/
    userName = name;
    /*further params*/

Add to query: 

private void function(int id, string name ...further params...) {
    int UserId = 0;
    string userName = "";

    int UserID = id;
    string userName = name;
    /*further params*/

    com.CommandText = "INSERT INTO dms.Users_Table (all of your columns here) VALUES (@UserID, @UserName, ...all params declared above...)";
    com.Parameters.AddWithValue("@UserID", UserID);
    com.Parameters.AddWithValue("@UserName", userName);
    /*further adding*/
}

Having looked around I found that using .add().value is better than .AddWithValue so maybe take a look into change this as well

.add() would be com.Parameters.Add("@UserID", SqlDbType.Int).value = UserID;

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Difficulty changing SQL query in PHP document based on user input from form User provided input SQL-escaping Query an SQL table to return the value of the same row based on user input Choosing the correct SQL query based off user input Building a dynamic SQL query based on user input in Java laravel : How to run query for user input in sql? MySQL query based on user input MySQL ProgrammingError on simple SELECT query with user-provided input Retrieve Columns from SQL Database Table Based on User Input in HTML Form php mysql based on user input form
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM