你好我总是使用SQlcommand进行非查询但现在出错了我不知道我有3个按钮,操作更新插入和删除但是我为所有3个操作创建了唯一的方法,问题是它没有插入删除或更新:
private void operacao(String operacao) {
String comando = "";
con = new SqlConnection();
WorksDataSet dataset = new WorksDataSet();
con.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Works.mdf;Integrated Security=True;User Instance=True;Asynchronous Processing=true";
try
{
con.Open();
}
catch (SqlException cox) {
MessageBox.Show(cox.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
switch (operacao) {
case "inserir":
try
{
comando = "Insert Into Estudante (Codigo,Nome,Apelido) values(" + txtID.Text + ",'" + txtNome.Text + "','" + txtapelido.Text + "')";
SqlCommand command = new SqlCommand(comando, con);
SqlDataAdapter sda=new SqlDataAdapter(command);
command.CommandType = CommandType.Text;
sda.Fill(dataset);
command.ExecuteNonQuery();
command.Dispose();
MessageBox.Show("Adicionado com Sucesso", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Information);
}
catch (SqlException sex) {
MessageBox.Show(sex.Message , this.Text,MessageBoxButtons.OK,MessageBoxIcon.Error );
}
break;
case "apagar":
comando = "delete from Estudante where Codigo=" + txtID;
try
{
SqlCommand command = new SqlCommand(comando, con);
command.BeginExecuteNonQuery();
MessageBox.Show("Removido com Sucesso", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Information);
}
catch (SqlException sex)
{
MessageBox.Show(sex.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
break;
case "atualizar":
comando = "update table Estudante set nome='" + txtNome + "'^ apelido='" + txtapelido + "'";
try
{
SqlCommand command = new SqlCommand(comando, con);
command.BeginExecuteNonQuery();
MessageBox.Show("Actualizado com Sucesso", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Information);
}
catch (SqlException sex)
{
MessageBox.Show(sex.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
}
break;
default:
break
;
}
con.Close();
}
答案 0 :(得分:4)
您应该使用参数化查询。 ALWAYS .....
这是插入操作。
comando = "Insert Into Estudante (Codigo,Nome,Apelido) values(@id, @nome, @apelido");
SqlCommand command = new SqlCommand(comando, con);
command.Parameters.AddWithValue("@id", txtID.Text);
command.Parameters.AddWithValue("@nome", txtNome.Text);
command.Parameters.AddWithValue("@apelido", txtapelido.Text);
command.CommandType = CommandType.Text;
command.ExecuteNonQuery();
此处无需使用数据集或数据适配器。只是ExecuteNonQuery
这是删除操作。
comando = "delete from Estudante where Codigo=@id";
SqlCommand command = new SqlCommand(comando, con);
command.Parameters.AddWithValue("@id", txtID.Text);
command.CommandType = CommandType.Text;
command.ExecuteNonQuery();
请注意,您应该传递Text属性,而不是整个TextBox
这适用于更新操作
comando = "update table Estudante set nome=@nome, apelido=@apelido where codigo=@id";
SqlCommand command = new SqlCommand(comando, con);
command.Parameters.AddWithValue("@id", txtID.Text);
command.Parameters.AddWithValue("@nome", txtNome.Text);
command.Parameters.AddWithValue("@apelido", txtapelido.Text);
command.CommandType = CommandType.Text;
command.ExecuteNonQuery();
此处还使用Text属性而不是TextBox对象
通过这种方式,您无需担心字符串参数中的引号,而是关闭了通向左侧的门 Sql Injection Attacks
答案 1 :(得分:1)
要执行insert/delete/update语句,您只需创建SqlCommand和SqlConnection对象。 DataSet和DataAdapter无用。
要插入一行:
string cnstr=@"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Works.mdf;Integrated Security=True;User Instance=True;Asynchronous Processing=true";
using(SqlConnection con = new SqlConnection(cnstr))
{
string sql = "Insert Into Estudante (Codigo,Nome,Apelido) values(@Codigo,@Nome,@Apelido)";
using(SqlCommand command= new SqlCommand(sql,con))
{
command.Parameters.Add("@Codigo",SqlDbType.Int).Value=txtID.Text;
command.Parameters.Add("@Nome",SqlDbType.VarChar,30).Value=txtNome.Text;
command.Parameters.Add("@Apelido",SqlDbType.VarChar,30).Value=txtapelido.Text;
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
}
答案 2 :(得分:0)
您正在调用sqlDataAtapter的Fill方法来填充不必要的数据库。删除该语句并查看。这应该有用。