Deleting a row from a table does not work

Time: 2012-08-11 09:39:00

Tags: c# sql-server-express

I am trying to delete a row from the users_stocks table.

I am using this code:

public bool removeStock(string user_name,string stock_symbol)
{
    user_name = user_name.Trim();
    stock_symbol = stock_symbol.Trim();
    string statement = "DELETE FROM " + "users_stocks" + " WHERE user_name = '" + user_name + "'" + " AND " + "stock_symbol = " + "'" + stock_symbol + "'" ;
    SqlCommand cmdnon = new SqlCommand(statement, connection);
    try
    {
        connection.Open();
        int num = cmdnon.ExecuteNonQuery();
        connection.Close();
        return true;
    }
    catch (SqlException ex)
    {
        Console.WriteLine(ex.ToString());
        connection.Close();
        return false;
    }
}

The table has a row with this data, but the query does not delete it.

What am I missing?

3 answers:

Answer 0 (score: 4)

Use parameterized queries to avoid SQL injection attacks and quoting problems, not to mention that parameterized queries can be stored by SQL Server's optimization engine and reused faster. A hand-written query is re-evaluated every time it is sent to the database -

public bool removeStock(string user_name, string stock_symbol)
{
    user_name = user_name.Trim();
    stock_symbol = stock_symbol.Trim();
    string statement = "DELETE FROM users_stocks " +
                       "WHERE user_name = @name AND stock_symbol = @stock";
    SqlCommand cmdnon = new SqlCommand(statement, connection);
    try
    {
        cmdnon.Parameters.AddWithValue("@name", user_name);
        cmdnon.Parameters.AddWithValue("@stock", stock_symbol);
        connection.Open();
        int num = cmdnon.ExecuteNonQuery();
        connection.Close();
        return true;
    }
    catch (SqlException ex)
    {
        Console.WriteLine(ex.ToString());
        connection.Close();
        return false;
    }
}

Answer 1 (score: 3)

As Luis Quijada mentioned above, use parameters; they are safer. In the code below, just change the YOUR_CONNECTION_STRING value and the SqlDbType to the values that match your database.

public bool removeStock(string user_name, string stock_symbol)
{
    using (SqlConnection connection = new SqlConnection("YOUR_CONNECTION_STRING"))
    {
        using (SqlCommand command = new SqlCommand())
        {
            try
            {
                command.Connection = connection;
                // Table name corrected to users_stocks, the table named in the question.
                command.CommandText = "DELETE FROM users_stocks WHERE user_name=@USERNAME AND stock_symbol=@STOCKSYMBOL";
                command.Parameters.Add("@USERNAME", SqlDbType.VarChar).Value = user_name.Trim();
                command.Parameters.Add("@STOCKSYMBOL", SqlDbType.VarChar).Value = stock_symbol.Trim();
                connection.Open();

                // ExecuteNonQuery returns the number of rows affected; 0 means no row matched.
                int i = command.ExecuteNonQuery();

                if (i == 0)
                    return false;

                return true;
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
                connection.Close();
                return false;
            }
            finally
            {
                connection.Close();
            }
        }
    }
}
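The quoting problem named in answer 0 and the rows-affected check from answer 1, as an added example that is not code from the original thread. It assumes a SQL Server Express connection string, NVarChar columns of width 50 and 10, and the hypothetical names StockRepository, BuildConcatenatedStatement and RemoveStock. For a legitimate user name such as O'Brien, the concatenated form yields the text `... user_name = 'O'Brien' ...`, which is no longer the intended statement; the parameterized form never places the value inside the SQL text.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class StockRepository
{
    // Assumed connection string: point it at your own SQL Server Express instance.
    const string ConnectionString =
        "Server=.\\SQLEXPRESS;Database=Stocks;Integrated Security=true;";

    // Reproduces the string-concatenation approach from the question so the
    // effect of an apostrophe in a legitimate value can be inspected.
    public static string BuildConcatenatedStatement(string userName, string stockSymbol)
    {
        return "DELETE FROM users_stocks WHERE user_name = '" + userName.Trim() +
               "' AND stock_symbol = '" + stockSymbol.Trim() + "'";
    }

    // Parameterized DELETE. Column sizes (50, 10) and NVarChar are assumptions;
    // match them to the real schema. Returns the number of rows affected so the
    // caller can distinguish "row deleted" from "no matching row".
    public static int RemoveStock(string userName, string stockSymbol)
    {
        using (var connection = new SqlConnection(ConnectionString))
        using (var command = connection.CreateCommand())
        {
            command.CommandText =
                "DELETE FROM users_stocks WHERE user_name = @name AND stock_symbol = @symbol";
            command.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = userName.Trim();
            command.Parameters.Add("@symbol", SqlDbType.NVarChar, 10).Value = stockSymbol.Trim();
            connection.Open();
            return command.ExecuteNonQuery();
        }
    }

    public static void Main()
    {
        // Constructed sample input: a user name that legitimately contains an apostrophe.
        Console.WriteLine(BuildConcatenatedStatement("O'Brien", "MSFT"));

        int rows = RemoveStock("O'Brien", "MSFT");
        Console.WriteLine(rows == 0 ? "no matching row" : rows + " row(s) deleted");
    }
}
```

A return value of 0 with no exception means the WHERE clause matched nothing, which is the situation the question describes and is worth checking before assuming the delete succeeded.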

Answer 2 (score: 1)

Try this code:

public bool removeStock(string user_name, string stock_symbol)
{
    user_name = user_name.Trim();
    stock_symbol = stock_symbol.Trim();
    // A regular C# string literal cannot span lines; the pieces are concatenated
    // instead so the statement compiles. The values are still placed directly
    // in the SQL text, as in the original answer.
    string statement = "DELETE FROM users_stocks " +
                       "WHERE user_name = '" + user_name + "' " +
                       "AND stock_symbol = '" + stock_symbol + "'";
    SqlCommand cmdnon = new SqlCommand(statement, connection);
    try
    {
        connection.Open();
        int num = cmdnon.ExecuteNonQuery();
        connection.Close();
        return true;
    }
    catch (SqlException ex)
    {
        Console.WriteLine(ex.ToString());
        connection.Close();
        return false;
    }
}

Change the query