[英]Difficulty changing SQL query in PHP document based on user input from form
[英]How to form sql query based on the input provided by the user
我正在创建一个由admin创建用户的创建用户页面。 在该页面中,6个字段是必填字段,4个字段是可选字段。
我在根据管理员提供的输入编写sql查询时遇到困难。 首先,我必须检查管理员提供的输入,然后根据该命令运行查询。 将admin输入的值分配给属性,然后根据属性中存在的值构建查询。
我现在正在使用效率很低的代码。 它运行良好,但可能会更好。
我的插入数据代码是:
public void InsertData()
{
try
{
var cn = ConfigurationManager.AppSettings["SGSDataBase_CN"];
con = new SqlConnection(cn);
con.Open();
com = new SqlCommand();
com.Connection = con;
com.CommandType = CommandType.Text;
if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @MobileNo)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @MobileNo, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth, @MobileNo, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @MobileNo, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
//com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
//com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
//com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @MobileNo)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
//com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin,DateOfBirth, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin,@DateOfBirth, @MobileNo)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
//com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
//com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @MobileNo)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
//com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
//com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
//com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @MobileNo, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.ExecuteNonQuery();
}
}
catch (Exception ex)
{
throw ex;
}
finally
{
if (com != null)
com.Dispose();
if (con != null)
con.Dispose();
com = null;
con = null;
}
}
请提出执行此操作的有效方法。
提前致谢
如果不把所有内容都写出来,那就是这个想法:
声明空变量:
int UserId = 0;
string userName = "";
用数据填充变量(假设您正在使用函数?):
private void function(int id, string name, ...further params...) {
int UserId = 0;
string userName = "";
UserId = (id!=null) ? id : 0; /*Shorthand if statement to handle null values*/
userName = name;
/*further params*/
添加到查询:
private void function(int id, string name ...further params...) {
int UserId = 0;
string userName = "";
int UserID = id;
string userName = name;
/*further params*/
com.CommandText = "INSERT INTO dms.Users_Table (all of your columns here) VALUES (@UserID, @UserName, ...all params declared above...)";
com.Parameters.AddWithValue("@UserID", UserID);
com.Parameters.AddWithValue("@UserName", userName);
/*further adding*/
}
环顾四周后,我发现使用.add().value
比.AddWithValue
更好,因此也许也可以考虑对此进行更改
.add()
为com.Parameters.Add("@UserID", SqlDbType.Int).value = UserID;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.