Multiple Insert statements in one connection
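I need some tips on doing this better. I am inserting multiple queries using one connection.
I understand this is not good programming, especially since it is very prone to SQL injection. I also wanted to mention that it is not going to be out on the internet, it will only run locally.
This is what I have so far..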
public partial class Modify : System.Web.UI.Page
{
    OleDbConnection connection;
    OleDbCommand command;
    public void OpenConnection2()
    {
        connection = new OleDbConnection("");
        command = new OleDbCommand();
        connection.Open();
    }
    protected void btnSave_Click1(object sender, EventArgs e)
    {
        if (AcctNumList.SelectedValue == "3")
        {
            string query2 = String.Format(@"INSERT INTO ACH (rptid, tableid, name, amount, stat, create_date) values
            ('{0}','{1}','{2}','{3}','{4}','{5}')",
                id, newguid, Name1TxtBox.Text.Replace("'", "''"), Amt1TxtBox.Text.Replace("'", "''"), 3, DateTime.Now.ToString());
            string query3 = String.Format(@"INSERT INTO ACH (rptid, tableid, name, amount, stat, create_date) values
            ('{0}','{1}','{2}','{3}','{4}','{5}')",
                id, newguid, Name2TxtBox.Text.Replace("'", "''"), Amt2TxtBox.Text.Replace("'", "''"), 3, DateTime.Now.ToString());
            string query4 = String.Format(@"INSERT INTO ACH (rptid, tableid, name, amount, stat, create_date) values
            ('{0}','{1}','{2}','{3}','{4}','{5}')",
                id, newguid, Name3TxtBox.Text.Replace("'", "''"), Amt3TxtBox.Text.Replace("'", "''"), 3, DateTime.Now.ToString());
            OpenConnection2();
            command.Connection = connection;
            command.CommandText = query2;
            int c = command.ExecuteNonQuery();
            connection.Close();
        }
        if (AcctNumList.SelectedValue == "4")
        {
            string query2 = String.Format(@"INSERT INTO ACH (rptid, tableid, name, amount, stat, create_date) values
            ('{0}','{1}','{2}','{3}','{4}','{5}')",
                id, newguid, Name1TxtBox.Text.Replace("'", "''"), Amt1TxtBox.Text.Replace("'", "''"), 3, DateTime.Now.ToString());
            string query3 = String.Format(@"INSERT INTO ACH (rptid, tableid, name, amount, stat, create_date) values
            ('{0}','{1}','{2}','{3}','{4}','{5}')",
                id, newguid, Name2TxtBox.Text.Replace("'", "''"), Amt2TxtBox.Text.Replace("'", "''"), 3, DateTime.Now.ToString());
            string query4 = String.Format(@"INSERT INTO ACH (rptid, tableid, name, amount, stat, create_date) values
            ('{0}','{1}','{2}','{3}','{4}','{5}')",
                id, newguid, Name3TxtBox.Text.Replace("'", "''"), Amt3TxtBox.Text.Replace("'", "''"), 3, DateTime.Now.ToString());
            string query5 = String.Format(@"INSERT INTO ACH (rptid, tableid, name, amount, stat, create_date) values
            ('{0}','{1}','{2}','{3}','{4}','{5}')",
                id, newguid, Name4TxtBox.Text.Replace("'", "''"), Amt4TxtBox.Text.Replace("'", "''"), 3, DateTime.Now.ToString());
            OpenConnection2();
            command.Connection = connection;
            command.CommandText = query2;
            int c = command.ExecuteNonQuery();
            connection.Close();
        }
    }
}
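You should parameterize your query - ALWAYS, but for now you can concatenate those queries with ; and then execute them once, like this:
string allQueries = string.Join(";", query2, query3, query4, query5);
command.CommandText = allQueries;
int c = command.ExecuteNonQuery();
Currently, you are executing just one query. The semicolon ; marks the end of a statement in SQL, so combining these statements with ; makes them separate statements, but they will be executed in a single execution.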
kcray - This is what worked for me.
string[] arr = { query2, query3 };
string allQueries = string.Join(";", arr);
command.CommandText = allQueries;
int c = command.ExecuteNonQuery();
You are executing only query2, not the query3 and query4 command texts
OpenConnection2();
command.Connection = connection;
command.CommandText = query2;
int c = command.ExecuteNonQuery();
command.CommandText = query3;
c = command.ExecuteNonQuery();
command.CommandText = query4;
c = command.ExecuteNonQuery();
connection.Close();
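That said, even if you don't worry about SQL injection you should really use parameters, because your code will be cleaner and you won't need to worry about parsing strings to replace quotes, preparing the correct string for the datetime field, or using the correct decimal point character for floating point values
Another optimization is through the using statement.
In this case your OpenConnection2 should return the OleDbConnection created and opened, with no need to use a global connection object (always a bad practice, also with file-based databases)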
public OleDbConnection OpenConnection2()
{
    OleDbConnection connection = new OleDbConnection("");
    connection.Open();
    return connection;
}
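Then in your code you will be able to use the using statement, which will ensure that the connection is correctly closed and disposed when it is no longer needed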
using(OleDbConnection cn = OpenConnection2())
using(OleDbCommand command = new OleDbCommand())
{
    // use the connection opened by the using statement above
    command.Connection = cn;
    command.CommandText = query2;
    int c = command.ExecuteNonQuery();
    command.CommandText = query3;
    c = command.ExecuteNonQuery();
    command.CommandText = query4;
    c = command.ExecuteNonQuery();
} // here the connection will be closed and disposed
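As a last note, if you are running these queries against an MS Access database then you need to execute them one by one, because there is no support for multiple statements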
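The parameterized form that the answers above recommend, as an added example that is not part of the original thread: one command with positional ? markers is prepared once and executed once per row inside a single connection and transaction. The class and method names are hypothetical, and the column types are assumptions, since the thread does not show the ACH table schema.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;

public static class AchWriter
{
    // Hypothetical helper (not from the thread): inserts one row per (name, amount)
    // pair over a single connection, inside one transaction.
    // Assumed column types: rptid/tableid text, amount Currency, stat Integer,
    // create_date Date/Time. Adjust the OleDbType values to the real schema.
    public static int InsertRows(string connectionString, string rptId, string tableId,
                                 int stat, IEnumerable<KeyValuePair<string, decimal>> rows)
    {
        const string sql =
            "INSERT INTO ACH (rptid, tableid, name, amount, stat, create_date) " +
            "VALUES (?, ?, ?, ?, ?, ?)";   // OleDb parameters are positional

        int inserted = 0;
        using (OleDbConnection cn = new OleDbConnection(connectionString))
        {
            cn.Open();
            using (OleDbTransaction tx = cn.BeginTransaction())
            using (OleDbCommand cmd = new OleDbCommand(sql, cn, tx))
            {
                // Parameters are added once, in the same order as the ? markers.
                cmd.Parameters.Add("rptid", OleDbType.VarWChar, 50).Value = rptId;
                cmd.Parameters.Add("tableid", OleDbType.VarWChar, 50).Value = tableId;
                OleDbParameter name = cmd.Parameters.Add("name", OleDbType.VarWChar, 255);
                OleDbParameter amount = cmd.Parameters.Add("amount", OleDbType.Currency);
                cmd.Parameters.Add("stat", OleDbType.Integer).Value = stat;
                cmd.Parameters.Add("create_date", OleDbType.Date).Value = DateTime.Now;

                foreach (KeyValuePair<string, decimal> row in rows)
                {
                    // Values travel as data: a quote in the name cannot end the
                    // literal, so no Replace("'", "''") is needed.
                    name.Value = row.Key;
                    amount.Value = row.Value;
                    inserted += cmd.ExecuteNonQuery();   // one statement per call
                }
                tx.Commit();   // not reached if any insert throws, so no partial batch is committed
            }
        }
        return inserted;
    }
}
```

In btnSave_Click1, each amount text box would be parsed with decimal.TryParse before the pairs are passed in, so input that is not a number is rejected before it reaches the database.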
UNION your SELECT statements together to insert multiple rows into the same table.
INSERT INTO dbo.Products (ID, [Name])
SELECT 1, 'Car'
UNION ALL
SELECT 2, 'Boat'
UNION ALL
SELECT 3, 'Bike'
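You cannot execute multiple queries on an OledbCommand. You have 2 options here
or, since you are inserting into only one table, in your case you can design your query like this (just as an example)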
INSERT INTO ACH (rptid, tableid, name, amount, stat, create_date)
SELECT 1,1, 'Value3',2,2,DateTime.Now.ToString()
UNION
SELECT 1,1, 'Value3',2,2,DateTime.Now.ToString()
UNION
SELECT 1,1, 'Value3',2,2,DateTime.Now.ToString()
UNION
SELECT 1,1, 'Value3',2,2,DateTime.Now.ToString()