如何将数据插入数据库? - 用户定义的类

时间:2015-06-14 15:43:34

标签: c# database visual-studio-2013 executenonquery

我正在试验数据库,并且我找到了不同的方法来优化我的代码。在这里,我使用不同的类来停止重写相同的代码,例如添加,删除和更新,我们使用相同的ExecuteNonQuery()方法。到目前为止,除了Insert之外,Update删除方法运行良好。编译器没有给出任何错误,但从文本框中获取的值不会转到变量字符串查询。我是c#编码的新手。谁能帮我?还是建议?

using DBconnectionExercise.DBConnection_Components;
namespace DBconnectionExercise
{
    public partial class Student_Form : Form
    {
        DBComps dc = new DBComps();

        //public string constring;
        //public SqlConnection con = null;
        //public SqlCommand com = null;
        public String query;

        public Student_Form()
        {
            InitializeComponent();

            //constring = "Data Source=ASHANE-PC\\ASHANESQL;Initial Catalog=SchoolDB;Integrated Security=True";
            //con = new SqlConnection(constring);

            dc.ConnectDB();


        }

        private void Form1_Load(object sender, EventArgs e)
        {

           loadGridData();

        }
        private void dtp_dob_ValueChanged(object sender, EventArgs e)
        {
            DateTime Now = DateTime.Today;
            DateTime Dob = dtp_dob.Value.Date;
            int a = Now.Year - Dob.Year;
            if (Now < Dob.AddYears(a)) a--;
            tb_Age.Text = a.ToString();
        }

        private void loadGridData()
        {
            try
            {
                query = "Select * from tb_Student";
                //dc.OpenCon();
                //SqlDataAdapter da = new SqlDataAdapter(query, con);
                DataTable dt1 = new DataTable();
                dt1 = dc.Data_Table(query);
                //da.Fill(dt);
                Stu_DataGrid.DataSource = dt1;
                //con.Close();

            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.ToString());
            }
        }

        private void ClearData()
        {
            tb_Name.Clear();
            tb_Address.Clear();
            tb_Telno.Clear();
            tb_Search.Clear();
            tb_Age.Clear();
            dtp_dob.Value = DateTime.Today;

        }

        private void btn_Add_Click(object sender, EventArgs e)
        {
            try
            {
                String name = tb_Name.Text;
                DateTime dob = dtp_dob.Value.Date;
                int age = Convert.ToInt32(tb_Age.Text);
                String Address = tb_Address.Text;
                int telno = Convert.ToInt32(tb_Telno.Text);
                int line = 0;


                //con.Open();
                query = "Insert into tb_Student values(@Stu_Name, @Stu_DOB, @Age, @Stu_Address, @Stu_Tel_no)";
                //query = "Insert into tb_Student (Stu_Name, Stu_DOB, Age, Stu_Address, Stu_Tel_no) Values('" + name + "','" + dob + "','" + age + "','" + Address + "','" + telno + "')";
                MessageBox.Show(query);
                //com = new SqlCommand(query, con);

               // This is the Insert/save code

                DBComps.com.Parameters.AddWithValue("@Stu_Name", name);
                DBComps.com.Parameters.AddWithValue("@Stu_DOB", dob);
                DBComps.com.Parameters.AddWithValue("@Age", age);
                DBComps.com.Parameters.AddWithValue("@Stu_Address", Address);
                DBComps.com.Parameters.AddWithValue("@Stu_Tel_no", telno);

                //line = com.ExecuteNonQuery();
                line = dc.ExeNonQuery(query);
                //com.Dispose();
                //con.Close();

                if (line > 0)
                {
                    loadGridData();
                    ClearData();
                    MessageBox.Show("Data saved sucessfully!", "Data Saved", MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                else
                    MessageBox.Show("Data not Saved", "Error Save", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            catch(Exception ex)
            {
                MessageBox.Show(ex.ToString());
            }
        }

这是我用来编写Sql Function方法的DBComps类。

 namespace DBconnectionExercise.DBConnection_Components
    {
        public class DBComps
        {
            public String conSring;
            public SqlConnection con = null;
            public static SqlCommand com = null;

            public void ConnectDB()
            {
                conSring = "Data Source=ASHANE-PC\\ASHANESQL;Initial Catalog=SchoolDB;Integrated Security=True";
                con = new SqlConnection(conSring);
            }

            public void OpenCon()
            {
                con.Open();
            }

            public void CloseCon()
            {
                con.Close();
            }

            public int ExeNonQuery(String query) //the method for Insert, update and delete.
            {

                int line = 0;
                OpenCon();
                com = new SqlCommand(query, con);
                line = com.ExecuteNonQuery();
                com.Dispose();
                CloseCon();

                return line;
            }
    }
} 

2 个答案:

答案 0 :(得分:2)

这是与数据库交谈的非常糟糕的方式,使用SQL注入可以解决问题,而且正在学习,正是时候指出这一点:

query = "Insert into tb_Student values('"+ name +"','"+ dob +"','"+ age +"','"+ Address +"','"+ telno +"')";

阅读关于sql注入的原因和方法,并寻找最佳实践以找到更好的方法。

答案 1 :(得分:1)

好的,最后我按照我的预期想出了我的问题的答案。在这里如何做到这一点;

private void btn_Add_Click(object sender, EventArgs e)
        {
            try
            {
                String name = tb_Name.Text;
                DateTime dob = dtp_dob.Value.Date;
                int age = Convert.ToInt32(tb_Age.Text);
                String Address = tb_Address.Text;
                int telno = Convert.ToInt32(tb_Telno.Text);
                int line = 0;


                query = "Insert into tb_Student values('"+ name +"','"+ dob +"','"+ age +"','"+ Address +"','"+ telno +"')";

                MessageBox.Show(query); //To see it works!

                line = dc.ExeNonQuery(query);

                if (line > 0)
                {
                    loadGridData();
                    ClearData();
                    MessageBox.Show("Data saved sucessfully!", "Data Saved", MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                else
                    MessageBox.Show("Data not Saved", "Error Save", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            catch(Exception ex)
            {
                MessageBox.Show(ex.ToString());
            }
        } 

始终记住完全按照与表头一致的方式编写查询语句变量/值。否则会产生错误。谢谢大家帮忙解决这个问题! :-)