[英]How to form sql query based on the input provided by the user
我正在創建一個由admin創建用戶的創建用戶頁面。 在該頁面中,6個字段是必填字段,4個字段是可選字段。
我在根據管理員提供的輸入編寫sql查詢時遇到困難。 首先,我必須檢查管理員提供的輸入,然后根據該命令運行查詢。 將admin輸入的值分配給屬性,然后根據屬性中存在的值構建查詢。
我現在正在使用效率很低的代碼。 它運行良好,但可能會更好。
我的插入數據代碼是:
public void InsertData()
{
try
{
var cn = ConfigurationManager.AppSettings["SGSDataBase_CN"];
con = new SqlConnection(cn);
con.Open();
com = new SqlCommand();
com.Connection = con;
com.CommandType = CommandType.Text;
if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @MobileNo)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @MobileNo, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth, @MobileNo, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @MobileNo, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
//com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
//com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
//com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @MobileNo)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
//com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin,DateOfBirth, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin,@DateOfBirth, @MobileNo)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
//com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
//com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email == null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, MobileNo) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @MobileNo)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
//com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray == null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, DateOfBirth, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @DateOfBirth, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
//com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
//com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if(ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth != null && ClsCreateUsersProperty.PhoneNumber == null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, DateOfBirth, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @DateOfBirth, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
//com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else if (ClsCreateUsersProperty.ImageArray != null && ClsCreateUsersProperty.DateOfBirth == null && ClsCreateUsersProperty.PhoneNumber != null && ClsCreateUsersProperty.Email != null)
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin, Image, MobileNo, Email) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin, @Image, @MobileNo, @Email)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.Parameters.AddWithValue("@Image", ClsCreateUsersProperty.ImageArray);
//com.Parameters.AddWithValue("@DateOfBirth", ClsCreateUsersProperty.DateOfBirth);
com.Parameters.AddWithValue("@MobileNo", ClsCreateUsersProperty.PhoneNumber);
com.Parameters.AddWithValue("@Email", ClsCreateUsersProperty.Email);
com.ExecuteNonQuery();
}
else
{
com.CommandText = "INSERT INTO dms.Users_Table (UserId, UserName, Password, Department, CreatedOn, ExpiredOn, IsAdmin) VALUES (@UserID, @UserName, @Password, @Department, @CreatedOn, @ExpiredOn, @IsAdmin)";
com.Parameters.AddWithValue("@UserID", ClsCreateUsersProperty.UserId);
com.Parameters.AddWithValue("@UserName", ClsCreateUsersProperty.UserName);
com.Parameters.AddWithValue("@Password", ClsCreateUsersProperty.Password);
com.Parameters.AddWithValue("@Department", ClsCreateUsersProperty.Department);
com.Parameters.AddWithValue("@CreatedOn", ClsCreateUsersProperty.CreatedOn);
com.Parameters.AddWithValue("@ExpiredOn", ClsCreateUsersProperty.ExpiredOn);
com.Parameters.AddWithValue("@IsAdmin", ClsCreateUsersProperty.IsAdmin);
com.ExecuteNonQuery();
}
}
catch (Exception ex)
{
throw ex;
}
finally
{
if (com != null)
com.Dispose();
if (con != null)
con.Dispose();
com = null;
con = null;
}
}
請提出執行此操作的有效方法。
提前致謝
如果不把所有內容都寫出來,那就是這個想法:
聲明空變量:
int UserId = 0;
string userName = "";
用數據填充變量(假設您正在使用函數?):
private void function(int id, string name, ...further params...) {
int UserId = 0;
string userName = "";
UserId = (id!=null) ? id : 0; /*Shorthand if statement to handle null values*/
userName = name;
/*further params*/
添加到查詢:
private void function(int id, string name ...further params...) {
int UserId = 0;
string userName = "";
int UserID = id;
string userName = name;
/*further params*/
com.CommandText = "INSERT INTO dms.Users_Table (all of your columns here) VALUES (@UserID, @UserName, ...all params declared above...)";
com.Parameters.AddWithValue("@UserID", UserID);
com.Parameters.AddWithValue("@UserName", userName);
/*further adding*/
}
環顧四周后,我發現使用.add().value比.AddWithValue更好,因此也許也可以考慮對此進行更改
.add()為com.Parameters.Add("@UserID", SqlDbType.Int).value = UserID;
根據表單中的用戶輸入,很難更改PHP文檔中的SQL查詢
[英]Difficulty changing SQL query in PHP document based on user input from form
MySQL ProgrammingError 在簡單的 SELECT 查詢與用戶提供的輸入
[英]MySQL ProgrammingError on simple SELECT query with user-provided input
根據HTML表單中的用戶輸入從SQL數據庫表中檢索列
[英]Retrieve Columns from SQL Database Table Based on User Input in HTML Form
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.