如何将数据插入数据库? - 用户定义的类
[英]How to Insert Data to the Database? - User Defined Classes
问题描述
我正在试验数据库,我正在寻找不同的方法来优化我的代码。 在这里,我使用不同的类来停止重写相同的代码,例如添加,删除和更新,我们使用相同的ExecuteNonQuery()方法。 到目前为止,除了Insert之外,Update删除方法运行良好。 编译器不会给出任何错误,但从文本框中获取的值不会转到变量字符串查询。 我是c#编码的新手。 谁能帮我? 还是建议?
using DBconnectionExercise.DBConnection_Components;
namespace DBconnectionExercise
{
public partial class Student_Form : Form
{
DBComps dc = new DBComps();
//public string constring;
//public SqlConnection con = null;
//public SqlCommand com = null;
public String query;
public Student_Form()
{
InitializeComponent();
//constring = "Data Source=ASHANE-PC\\ASHANESQL;Initial Catalog=SchoolDB;Integrated Security=True";
//con = new SqlConnection(constring);
dc.ConnectDB();
}
private void Form1_Load(object sender, EventArgs e)
{
loadGridData();
}
private void dtp_dob_ValueChanged(object sender, EventArgs e)
{
DateTime Now = DateTime.Today;
DateTime Dob = dtp_dob.Value.Date;
int a = Now.Year - Dob.Year;
if (Now < Dob.AddYears(a)) a--;
tb_Age.Text = a.ToString();
}
private void loadGridData()
{
try
{
query = "Select * from tb_Student";
//dc.OpenCon();
//SqlDataAdapter da = new SqlDataAdapter(query, con);
DataTable dt1 = new DataTable();
dt1 = dc.Data_Table(query);
//da.Fill(dt);
Stu_DataGrid.DataSource = dt1;
//con.Close();
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
private void ClearData()
{
tb_Name.Clear();
tb_Address.Clear();
tb_Telno.Clear();
tb_Search.Clear();
tb_Age.Clear();
dtp_dob.Value = DateTime.Today;
}
private void btn_Add_Click(object sender, EventArgs e)
{
try
{
String name = tb_Name.Text;
DateTime dob = dtp_dob.Value.Date;
int age = Convert.ToInt32(tb_Age.Text);
String Address = tb_Address.Text;
int telno = Convert.ToInt32(tb_Telno.Text);
int line = 0;
//con.Open();
query = "Insert into tb_Student values(@Stu_Name, @Stu_DOB, @Age, @Stu_Address, @Stu_Tel_no)";
//query = "Insert into tb_Student (Stu_Name, Stu_DOB, Age, Stu_Address, Stu_Tel_no) Values('" + name + "','" + dob + "','" + age + "','" + Address + "','" + telno + "')";
MessageBox.Show(query);
//com = new SqlCommand(query, con);
// This is the Insert/save code
DBComps.com.Parameters.AddWithValue("@Stu_Name", name);
DBComps.com.Parameters.AddWithValue("@Stu_DOB", dob);
DBComps.com.Parameters.AddWithValue("@Age", age);
DBComps.com.Parameters.AddWithValue("@Stu_Address", Address);
DBComps.com.Parameters.AddWithValue("@Stu_Tel_no", telno);
//line = com.ExecuteNonQuery();
line = dc.ExeNonQuery(query);
//com.Dispose();
//con.Close();
if (line > 0)
{
loadGridData();
ClearData();
MessageBox.Show("Data saved sucessfully!", "Data Saved", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
MessageBox.Show("Data not Saved", "Error Save", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
catch(Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
这是我用来编写Sql Function方法的DBComps类。
namespace DBconnectionExercise.DBConnection_Components
{
public class DBComps
{
public String conSring;
public SqlConnection con = null;
public static SqlCommand com = null;
public void ConnectDB()
{
conSring = "Data Source=ASHANE-PC\\ASHANESQL;Initial Catalog=SchoolDB;Integrated Security=True";
con = new SqlConnection(conSring);
}
public void OpenCon()
{
con.Open();
}
public void CloseCon()
{
con.Close();
}
public int ExeNonQuery(String query) //the method for Insert, update and delete.
{
int line = 0;
OpenCon();
com = new SqlCommand(query, con);
line = com.ExecuteNonQuery();
com.Dispose();
CloseCon();
return line;
}
}
}
2 个解决方案
解决方案1
2 2015-06-19 16:54:45
这是与数据库交谈的非常糟糕的方式,它可以使用SQL注入进行攻击,并且因为你正在学习,所以正确的时间指出这一点:
query = "Insert into tb_Student values('"+ name +"','"+ dob +"','"+ age +"','"+ Address +"','"+ telno +"')";
阅读sql注入的原因和方法,并寻找最佳实践以找到更好的方法。
解决方案2
1 已采纳 2015-06-17 17:08:53
好吧最后我按照我的预期想出了我的问题的答案。 这里怎么做;
private void btn_Add_Click(object sender, EventArgs e)
{
try
{
String name = tb_Name.Text;
DateTime dob = dtp_dob.Value.Date;
int age = Convert.ToInt32(tb_Age.Text);
String Address = tb_Address.Text;
int telno = Convert.ToInt32(tb_Telno.Text);
int line = 0;
query = "Insert into tb_Student values('"+ name +"','"+ dob +"','"+ age +"','"+ Address +"','"+ telno +"')";
MessageBox.Show(query); //To see it works!
line = dc.ExeNonQuery(query);
if (line > 0)
{
loadGridData();
ClearData();
MessageBox.Show("Data saved sucessfully!", "Data Saved", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
MessageBox.Show("Data not Saved", "Error Save", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
catch(Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
永远记住要完全写入查询语句变量/值,以便与表头一致。 否则会产生错误。 谢谢大家帮忙解决这个问题! :-)
多个用户如何同时将数据插入SQL数据库而又不将数据混合到数据库中。
[英]How can more than one user Insert data to the SQL database at the same time without mix the data on the database.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.