我第一次在这个网站上问qustion。 我有一个在Visual C#2008中创建的简单窗体,我将两个文本框中的值添加到访问2010数据库中的两个字段。该数据库名为TestDatabase.accdb,表为TestTable。两个变量,FirstName&地址分配给txt.FirstName和txt.Address的textbox.text值。在我看来,我也在语句中为这两个变量添加值,以便为OleDBCommand类添加参数:
myCommand.Parameters.Add("@FirstName", OleDbType.VarChar).Value = txtName.Text;
所以基本上它正在工作,但我不明白逻辑,因为好像我不需要使用
FirstName = txtName.Text;
或
Address = txtAddress.Text;
语句。如果我从TextChanged事件中删除代码,我会收到几个警告。
以下是代码:
namespace Test
{
public partial class Form1 : Form
{
private string FirstName;
private string Address;
private void cmdAdd_Click(object sender, EventArgs e)
{
string strSQL = "INSERT INTO TestTable(Name1, Address) VALUES(@FirstName, '@Address')";
// represents an open connection to a data source. Is a class
OleDbConnection myConnection = new OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\TEMP\\TestDatabase.accdb");
// represents an SQL statement or stored procedure to execute against a data source
//( takes care of passing queries to the database). Is a class.
OleDbCommand myCommand = new OleDbCommand(strSQL, myConnection);
myCommand.Parameters.Add("@FirstName", OleDbType.VarChar).Value = txtName.Text;
myCommand.Parameters.Add("@Address", OleDbType.VarChar).Value = txtAddress.Text;
try
{
myConnection.Open();
myCommand.ExecuteNonQuery();
}
catch (Exception)
{
MessageBox.Show("Something went wrong");
}
finally
{
myConnection.Close();
}
}
private void txtName_TextChanged(object sender, EventArgs e)
{
//IsNullOrEmpty indicates whether the string is null ot an Empty string
//true if the value parameter is null or an empty string(""); otherwise, false
if (string.IsNullOrEmpty(txtName.Text))
{
//has no value
}
else
{
FirstName = txtName.Text;
}
}
private void txtAddress_TextChanged(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(txtAddress.Text))
{
//has no value
}
else
{
Address = txtAddress.Text;
}
}
}
}
答案 0 :(得分:3)
欢迎来到SO,凯文!
为了澄清一下,你本身并没有在这里设置两次值。
private void txtName_TextChanged(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(txtName.Text))
{
//has no value
}
else
{
FirstName = txtName.Text;
}
}
private void txtAddress_TextChanged(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(txtAddress.Text))
{
//has no value
}
else
{
Address = txtAddress.Text;
}
}
您设置上述代码中的值。
private void cmdAdd_Click(object sender, EventArgs e)
{
string strSQL = "INSERT INTO TestTable(Name1, Address) VALUES(@FirstName, @Address)";
OleDbConnection myConnection = new OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\TEMP\\TestDatabase.accdb");
OleDbCommand myCommand = new OleDbCommand(strSQL, myConnection);
myCommand.Parameters.Add("@FirstName", OleDbType.VarChar).Value = txtName.Text;
myCommand.Parameters.Add("@Address", OleDbType.VarChar).Value = txtAddress.Text;
try
{
myConnection.Open();
myCommand.ExecuteNonQuery();
}
catch (Exception)
{
MessageBox.Show("Something went wrong");
}
finally
{
myConnection.Close();
}
}
在上面的代码中,您将值重新分配 参数,换句话说,参数化值。这是一种使用和理解的好习惯,因为它可以帮助您免受SQL Injection攻击。
答案 1 :(得分:1)
您的sql文本中有错误
string strSQL = "INSERT INTO TestTable(Name1, Address) VALUES(@FirstName, '@Address')";
你应该写
string strSQL = "INSERT INTO TestTable(Name1, Address) VALUES(@FirstName, @Address)";
除非有其他代码将它们用作外部代码可用的表单属性,否则不需要全局变量Address和FirstName -
答案 2 :(得分:1)
// Trailing ' To Be Removed
String strSQL = "INSERT INTO TestTable(Name1, Address) VALUES(@FirstName, @Address)";
// Incorrect Parameters To Be Fixed
myCommand.Parameters.AddWithValue("@FirstName", txtName.Text);
myCommand.Parameters.AddWithValue("@Address", txtAddress.Text);
答案 3 :(得分:1)
我认为他想知道为什么他有TextChanged方法来填充私有变量而根本不使用它们?
myCommand.Parameters.Add("@FirstName", OleDbType.VarChar).Value = FirstName;
myCommand.Parameters.Add("@Address", OleDbType.VarChar).Value = Address;
使用它们,所以你可以设置它们,操纵它们等等。