如何只更新数据库的某些列?

时间:2012-08-25 12:47:43

标签: asp.net sql-server-2008 ado.net

仅更新电子邮件时出现的问题所有其他空白都为空。即使我未经检查在sql server 2008中允许null。我的代码是 - 

protected void Updateinfo_Click(object sender, EventArgs e)
{
    string radiogender;
    if (Radiochngmale.Checked == true)
        radiogender = Radiochngmale.Text.ToString();
    else
        radiogender = Radiochngfemale.Text.ToString();
    SqlConnection con = new SqlConnection();
    con.ConnectionString = ConfigurationManager.ConnectionStrings["Con"].ConnectionString;
    con.Open();
    if (con.State == ConnectionState.Open)
    {
        SqlCommand cmd = new SqlCommand();
        Random r = new Random();
        int next = r.Next();
        if (FileUpload2.HasFile)
        {
            string myMap = MapPath("~/").ToLower();
            string ImageName = FileUpload2.PostedFile.FileName;
            sImageFileExtension = ImageName.Substring(ImageName.LastIndexOf(".")).ToLower();
            if (sImageFileExtension == ".gif" || sImageFileExtension == ".png" || sImageFileExtension == ".jpg" || sImageFileExtension == ".jpeg" || sImageFileExtension == ".bmp")
            {
                string ImageSaveURL = myMap + "UserImage/" + next + sImageFileExtension;
                FileUpload2.PostedFile.SaveAs(ImageSaveURL);
            }
            else
                Response.Write("Invalid File");
        }
        cmd.Connection = con; 
        if(chngfname.Text==null)
            chngfname.Text="Select Firstname from Login where Email='"+Session["UserName"]+"'";
        if (chnglastname.Text == null)
            chnglastname.Text = "Select Lastname from Login where Email='" + Session["UserName"] + "'";
        if (chngage.Text == null)
            chngage.Text = "Select age from Login where Email='" + Session["UserName"] + "'";
        if (chngemail.Text == null)
            chngemail.Text = "Select Email from Login where Email='" + Session["UserName"] + "'";
        if (radiogender == null)
            radiogender = "Select gender from Login where Email='" + Session["UserName"] + "'";
        if (chngpassword.Text == null)
            chngpassword.Text = "Select Password from Login where Email='" + Session["UserName"] + "'";
        if ( FileUpload2.HasFile==null)
             sImageFileExtension = "Select profile_pic from Login where Email='" + Session["UserName"] + "'";
        if (chngfname.Text == null)
            chngfname.Text = "Select Firstname from Login where Email='" + Session["UserName"] + "'";
        cmd.CommandText =  "Update Login set FirstName = '"+chngfname.Text+"',LastName='"+chnglastname.Text+"',Email='"+chngemail.Text+"',Password='"+chngpassword.Text+"' ,gender='"+radiogender+"',age='"+chngage.Text+"' , profile_pic='"+ next + sImageFileExtension + "' where Email='"+Session["UserName"]+"'";  
        cmd.CommandType = CommandType.Text; 
        cmd.ExecuteNonQuery();
        }
    }

为什么即使我提到它也没有采用以前的值。请检查出来并将其整理出来

2 个答案:

答案 0 :(得分:2)

这种情况正在发生,因为TextBox.Text永远不会为空,因此您的SQL查询最终看起来像这样:

Update Login 
  set FirstName = '', 
      LastName = '',
where Email = 'John.doe@nowhere.net'

-- etc...

除了数据实际设置为某个字段的一个或两个字段外。这可能是你想要它的样子:

update login
  set FirstName = 'John', 
      LastName = (select Lastname from login where email = 'John.doe@nowhere.net'), 
      etc...
where email = 'John.doe@nowhere.net'

但是,不需要子查询。如果要避免覆盖值为null或空字符串的值,则希望SQL看起来如下所示,使用Parameters并在文本框为空时将它们设置为DbNull。

cmd.Parameters.AddWithValue("@FirstName", (chngfname.Text == String.Empty) ? DbNull.Value : chngfname.Text;

update login
  set FirstName = coalesce(@firstName, FirstName), 
      LastName = coalesce(@LastName, LastName), 
      etc...
where Email = @Email

另一个选项是首先选择记录(我确定你已经完成了)并且只使用数据库中已有的相同值。

if (chngfname.Text == String.Empty) chngfname.Text = Session["CurrentUserEntity"].FirstName;

此外,您需要将其更改为参数化查询:

string sql = "update login set FirstName = @firstName, LastName = @lastName, etc... where email = @email;
cmd.Parameters.Add(...);

答案 1 :(得分:1)

您应该尝试使用参数化查询而不是当前的字符串连接方法 这将解决引用问题并防止sql受伤攻击

cmd.CommandText =  "Update Login set FirstName = @First, LastName=@Last, " +
                   "Email=@Mail, Password=@Pass, gender=@Gend,age=@Age, " + 
                   "profile_pic=@Prof " + 
                   "where Email=@oldMail";
cmd.Parameters.AddWithValue("@First", chngfname.Text);
cmd.Parameters.AddWithValue("@Last", chnglastname.Text);
cmd.Parameters.AddWithValue("@Mail", chngemail.Text);
cmd.Parameters.AddWithValue("@Pass", chngpassword.Text);
cmd.Parameters.AddWithValue("@Gend", radiogender);
cmd.Parameters.AddWithValue("@Age", chngage.Text);
cmd.Parameters.AddWithValue("@Prof", next + sImageFileExtension );
cmd.Parameters.AddWithValue("@oldMail", +Session["UserName"]);

但是,正如我在之前的评论中所说,您的代码似乎不正确 首先,TextBox.Text不能为null,它是一个空字符串。这将跳过上面的空值的文本,最后在数据库中设置一个空值。至少尝试用

更改测试 
if(string.IsNullOrEmpty(chngfname.Text))
    ......

但是此时你应该更改每个内部的代码。如果您的意图是从数据库中检索旧值并在空字符串的情况下使用它们,则需要执行该字符串,而不是将其存储在文本框中。

编辑:在开始更新过程之前,您需要加载要更新的记录的旧值。这可以使用相同的连接

完成 
   SqlDataAdapter da = new SqlDataAdapter("SELECT * from Login where EMail = @oldMail", con);
   da.SelectCommand.Parameters.AddWithValue("@oldMail", Session["UserName");
   DataTable dt = new DataTable();
   da.Fill(dt);

现在您在数据表中拥有该用户的所有旧值,因此当您检查旧值时,您可以编写类似这样的内容

if(string.IsNullOrEmpty(chngfname.Text))
    cngfname.Text = (dt.Rows["FirstName"]  == DBNull.Value ? string.Empty : dt.Rows["FirstName"].ToString());

并删除该sql字符串,因为您已经检索了每个可能缺少的字段的值

相关问题
最新问题