How to insert data from radio buttons and a combo box into a table in MS SQL

Time: 2014-03-31 06:34:34

Tags: c# sql combobox insert radio-button

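I am building an application using C# WF. I created an employee table in an MS SQL database. I have two radio buttons for gender (male and female). Depending on which radio button the user clicks (male or female), I want to write a SQL statement that inserts one of the two radio button choices. The same thing applies to the combo box. When the user selects data from the combo box, I want the data to be saved in the table. I googled the problem and did not find the right one. There was one posted here on February 7. That question has no answer. I don't know how to write the code for the combo box.

    ("INSERT INTO Employeess(EmpID,FirstName,LastName,Salary,desgnation,gender) " +
                            "values ('" + textBox1.Text + "','" +
                                         textBox2.Text + "','" +
                                         textBox3.Text + "','" +
                                         textBox4.Text + "','" +
                                         textBox5.Text + "','" +
                                         radioButton1.Checked + "' )");

Any help is greatly appreciated.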

2 answers:

Answer 0 (score: 0)

Use the bit data type for the column. Then you can insert the radioButton1.Checked value directly using SQL parameters.

Since you haven't provided the complete code, try:

    ("INSERT INTO Employeess(EmpID,FirstName,LastName,Salary,desgnation,gender) " +
                            "values ('" + textBox1.Text + "','" +
                                         textBox2.Text + "','" +
                                         textBox3.Text + "','" +
                                         textBox4.Text + "','" +
                                         textBox5.Text + "'," +
                                         (radioButton1.Checked ? "1" : "0") + " )");
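
Added example, not part of either answer or the asker's project: the bit column with SQL parameters that the answer above describes, written as a console program so it runs without a form or a database. The `BuildInsert` helper, the `nationality` column for the combo box value, the column sizes and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class EmployeeInsertDemo
{
    // Hypothetical helper. Assumes gender is a bit column (1 = male) and that a
    // hypothetical nvarchar(50) column named nationality stores the combo box choice.
    static SqlCommand BuildInsert(string empId, string firstName,
                                  bool maleChecked, object selectedItem)
    {
        // ComboBox.SelectedItem is null when the user has picked nothing.
        if (selectedItem == null)
            throw new ArgumentException("Select a value in the combo box first.");

        var cmd = new SqlCommand(
            "INSERT INTO Employeess (EmpID, FirstName, gender, nationality) " +
            "VALUES (@EmpID, @FirstName, @Gender, @Nationality)");

        // Explicit types and sizes (assumed): values travel separately from the SQL text.
        cmd.Parameters.Add("@EmpID", SqlDbType.NVarChar, 20).Value = empId;
        cmd.Parameters.Add("@FirstName", SqlDbType.NVarChar, 50).Value = firstName;
        cmd.Parameters.Add("@Gender", SqlDbType.Bit).Value = maleChecked;
        cmd.Parameters.Add("@Nationality", SqlDbType.NVarChar, 50).Value = selectedItem.ToString();
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input standing in for textBox2.Text, radioButton1.Checked
        // and the combo box's SelectedItem; the apostrophe is ordinary user data.
        string firstName = "O'Brien";

        // Concatenation: the apostrophe closes the SQL string literal early.
        Console.WriteLine("values ('" + firstName + "')");

        // Parameters: the SQL text never contains the user's input.
        SqlCommand cmd = BuildInsert("E100", firstName, true, "Irish");
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);

        // With an open SqlConnection cn: cmd.Connection = cn; cmd.ExecuteNonQuery();
    }
}
```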

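Answer 1 (score: 0)

I completely changed my code and it works. I am using SqlCommand.Parameters.AddWithValue. When I searched for a solution, I found that the previous code was not safe against SQL injection. Thanks for the help. Below is my complete code for saving data from text boxes, a combo box and radio buttons into the database.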

    // Requires: using System; using System.Data.SqlClient; using System.Windows.Forms;
    private void btnSave_Click(object sender, EventArgs e)
    {
        try
        {
            DataValidateAndDateFormat();

            string strGender;
            string strConnectionString = @"Data Source = KK\SQLEXPRESS; Integrated Security = SSPI; Initial Catalog = JeanDB";

            // Read the form values before touching the database.
            string strEmpID = txtEmpID.Text.Trim();
            string strFirstName = txtFirstName.Text.Trim();
            string strLastName = txtLastName.Text.Trim();
            string strDesignation = txtDesignation.Text.Trim();
            int iSalary = Convert.ToInt32(txtSalary.Text.Trim());
            string strAddress = txtAddress.Text.Trim();
            int iZipCode = Convert.ToInt32(txtZipCode.Text.Trim());
            int iPhone = Convert.ToInt32(txtPhone.Text.Trim());
            string strEmail = txtEmail.Text.Trim();
            DateTime dtDOB = dtPickerDOB.Value;
            // Combo box: store the text of the selected item.
            string strNationality = comboNationality.SelectedItem.ToString();

            // Radio buttons: map the checked button to the stored value.
            if (rbMale.Checked)
                strGender = "Male";
            else
                strGender = "Female";

            string strUserName = txtUserName.Text.Trim();
            // The password is passed through as entered; this code does not hash it.
            string strPassword = txtPassword.Text.Trim();

            string query = "INSERT INTO Employees(EmployeeID, FirstName, LastName, Designation, Salary, Address, ZipCode, Phone, Email, DOB, Nationality, Gender, Username, Password) " +
                           "VALUES(@strEmpID, @strFirstName, @strLastName, @strDesignation, @iSalary, @strAddress, @iZipCode, @iPhone, @strEmail, @dtDOB, @strNationality, @strGender, @strUserName, @strPassword)";

            // using blocks close the connection and command even if an exception is thrown.
            using (SqlConnection cn = new SqlConnection(strConnectionString))
            using (SqlCommand InsertCommand = new SqlCommand(query, cn))
            {
                // Values are sent as parameters, never concatenated into the SQL text.
                InsertCommand.Parameters.AddWithValue("@strEmpID", strEmpID);
                InsertCommand.Parameters.AddWithValue("@strFirstName", strFirstName);
                InsertCommand.Parameters.AddWithValue("@strLastName", strLastName);
                InsertCommand.Parameters.AddWithValue("@strDesignation", strDesignation);
                InsertCommand.Parameters.AddWithValue("@iSalary", iSalary);
                InsertCommand.Parameters.AddWithValue("@strAddress", strAddress);
                InsertCommand.Parameters.AddWithValue("@iZipCode", iZipCode);
                InsertCommand.Parameters.AddWithValue("@iPhone", iPhone);
                InsertCommand.Parameters.AddWithValue("@strEmail", strEmail);
                InsertCommand.Parameters.AddWithValue("@dtDOB", dtDOB);
                InsertCommand.Parameters.AddWithValue("@strNationality", strNationality);
                InsertCommand.Parameters.AddWithValue("@strGender", strGender);
                InsertCommand.Parameters.AddWithValue("@strUserName", strUserName);
                InsertCommand.Parameters.AddWithValue("@strPassword", strPassword);

                cn.Open();
                InsertCommand.ExecuteNonQuery();
            }

            MessageBox.Show("New Employee's Data has been added successfully");
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
    }