我这里有这个代码:
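/// <summary>
/// Data-access helpers for the personnel / user-activity Access (Jet) database.
/// </summary>
/// <remarks>
/// Caller-supplied values are bound as OLE DB parameters instead of being concatenated
/// into the SQL text, and every connection is created inside a using block so it is
/// closed even when a command throws.
/// </remarks>
public class clsDataLayer
{
    // Provider part of the connection string; the database file path is appended to it.
    private const string ConnectionPrefix = "PROVIDER=Microsoft.Jet.OLEDB.4.0;Data Source=";

    // Creates (but does not open) a Jet connection for the given database file.
    // NOTE(review): Database is appended to the connection string as-is, so it has to be
    // a server-controlled path and never request data - confirm at the call sites.
    private static OleDbConnection CreateConnection(string Database)
    {
        return new OleDbConnection(ConnectionPrefix + Database);
    }

    // Returns the first IPv4 address in the list, or string.Empty when there is none.
    private static string FirstIPv4(IPAddress[] candidates)
    {
        foreach (IPAddress candidate in candidates)
        {
            if (candidate.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
            {
                return candidate.ToString();
            }
        }
        return string.Empty;
    }

    /// <summary>
    /// Inserts one row into tblPersonnel.
    /// </summary>
    /// <param name="Database">Path of the Access database file.</param>
    /// <param name="FirstName">Value for the FirstName column.</param>
    /// <param name="LastName">Value for the LastName column.</param>
    /// <param name="PayRate">Value for the PayRate column, as text.</param>
    /// <param name="StartDate">Value for the StartDate column, as text.</param>
    /// <param name="EndDate">Value for the EndDate column, as text.</param>
    /// <returns>true when the insert ran without an exception; false otherwise.</returns>
    public static bool SavePersonnel(string Database, string FirstName, string LastName,
        string PayRate, string StartDate, string EndDate)
    {
        try
        {
            using (OleDbConnection conn = CreateConnection(Database))
            using (OleDbCommand command = conn.CreateCommand())
            {
                command.CommandType = CommandType.Text;
                command.CommandText =
                    "Insert into tblPersonnel " +
                    "(FirstName, LastName, PayRate, StartDate, EndDate) " +
                    "values (?, ?, ?, ?, ?)";

                // The OLE DB provider binds "?" markers by position, so the order of
                // these calls must match the column list; the names are only labels.
                // null becomes "" to mirror what string concatenation produced before.
                // NOTE(review): values are still passed as text and rely on Jet converting
                // them to the PayRate / date column types - confirm against the table
                // definition, or parse them before binding.
                command.Parameters.AddWithValue("@FirstName", FirstName ?? string.Empty);
                command.Parameters.AddWithValue("@LastName", LastName ?? string.Empty);
                command.Parameters.AddWithValue("@PayRate", PayRate ?? string.Empty);
                command.Parameters.AddWithValue("@StartDate", StartDate ?? string.Empty);
                command.Parameters.AddWithValue("@EndDate", EndDate ?? string.Empty);

                conn.Open();
                command.ExecuteNonQuery();
            }
            return true;
        }
        catch (Exception)
        {
            // Callers only get a success flag; the failure reason is discarded here.
            // NOTE(review): consider logging the exception so failed writes are visible.
            return false;
        }
    }

    /// <summary>
    /// Loads every row of tblUserActivity into a new typed data set.
    /// </summary>
    /// <param name="Database">Path of the Access database file.</param>
    /// <returns>A dsUserActivity whose tblUserActivity table holds the rows read.</returns>
    public static dsUserActivity GetUserActivity(string Database)
    {
        using (OleDbConnection sqlConn = CreateConnection(Database))
        using (OleDbDataAdapter sqlDA =
            new OleDbDataAdapter("select * from tblUserActivity", sqlConn))
        {
            dsUserActivity DS = new dsUserActivity();
            // Fill opens the connection itself when it is closed and closes it afterwards.
            sqlDA.Fill(DS.tblUserActivity);
            return DS;
        }
    }

    /// <summary>
    /// Records that a form was accessed, together with the address from GetIP4Address().
    /// </summary>
    /// <param name="Database">Path of the Access database file.</param>
    /// <param name="FormAccessed">Name of the form that was accessed.</param>
    public static void SaveUserActivity(string Database, string FormAccessed)
    {
        using (OleDbConnection conn = CreateConnection(Database))
        using (OleDbCommand command = conn.CreateCommand())
        {
            command.CommandType = CommandType.Text;
            command.CommandText =
                "Insert into tblUserActivity (UserIP, FormAccessed) values (?, ?)";
            // Positional binding: UserIP first, then FormAccessed.
            command.Parameters.AddWithValue("@UserIP", GetIP4Address());
            command.Parameters.AddWithValue("@FormAccessed", FormAccessed ?? string.Empty);

            conn.Open();
            command.ExecuteNonQuery();
        }
    }

    /// <summary>
    /// Returns an IPv4 address for the current request.
    /// </summary>
    /// <returns>
    /// The first IPv4 address resolved from the request's UserHostAddress; if there is
    /// none, the first IPv4 address of this host; string.Empty when neither exists.
    /// </returns>
    /// <remarks>
    /// UserHostAddress is the peer address the web server saw, so behind a proxy it is
    /// the proxy's address. The fallback returns this server's own address, which means
    /// an activity row can carry the server IP rather than the client's.
    /// </remarks>
    public static string GetIP4Address()
    {
        string clientAddress =
            FirstIPv4(Dns.GetHostAddresses(HttpContext.Current.Request.UserHostAddress));
        if (clientAddress != string.Empty)
        {
            return clientAddress;
        }
        return FirstIPv4(Dns.GetHostAddresses(Dns.GetHostName()));
    }

    public clsDataLayer()
    {
    }

    /// <summary>
    /// Single-argument placeholder; not implemented.
    /// </summary>
    /// <exception cref="NotImplementedException">Always thrown.</exception>
    public static dsPersonnel GetPersonnel(string p)
    {
        throw new NotImplementedException();
    }
}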
我需要添加下面这段代码,但每次都会收到一条错误消息,指出方法'GetPersonnel'没有采用'1'个参数的重载:
// This function gets the personnel records from tblPersonnel
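/// <summary>
/// Loads rows of tblPersonnel into a new typed data set, optionally filtered by last name.
/// </summary>
/// <param name="Database">Path of the Access database file.</param>
/// <param name="strSearch">
/// Last name to match exactly; null, empty or whitespace-only returns every row.
/// </param>
/// <returns>A dsPersonnel whose tblPersonnel table holds the rows read.</returns>
public static dsPersonnel GetPersonnel(string Database, string strSearch)
{
    // NOTE(review): Database is appended to the connection string as-is, so it has to be
    // a server-controlled path and never request data - confirm at the call sites.
    using (OleDbConnection sqlConn = new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" +
        "Data Source=" + Database))
    using (OleDbDataAdapter sqlDA = new OleDbDataAdapter("select * from tblPersonnel", sqlConn))
    {
        bool hasFilter = strSearch != null && strSearch.Trim().Length != 0;
        if (hasFilter)
        {
            // The filtered query was previously built but never handed to the adapter,
            // so the search term had no effect. It is now applied, and the term is bound
            // as a parameter ("?" is positional in OLE DB) so it is treated as data
            // rather than as SQL text.
            sqlDA.SelectCommand.CommandText = "select * from tblPersonnel where LastName = ?";
            sqlDA.SelectCommand.Parameters.AddWithValue("@LastName", strSearch);
        }

        dsPersonnel DS = new dsPersonnel();
        // Fill opens the connection itself when it is closed and closes it afterwards.
        sqlDA.Fill(DS.tblPersonnel);
        return DS;
    }
}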
// This function saves the user activity
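/// <summary>
/// Inserts the address from GetIP4Address() and the accessed form name into tblPersonnel.
/// </summary>
/// <param name="Database">Path of the Access database file.</param>
/// <param name="FormAccessed">Name of the form that was accessed.</param>
/// <remarks>
/// NOTE(review): the columns written (UserIP, FormAccessed) are the ones SaveUserActivity
/// writes to tblUserActivity - confirm that tblPersonnel is the intended table.
/// </remarks>
public static void SavePersonnel(string Database, string FormAccessed)
{
    // The using blocks close the connection even when ExecuteNonQuery throws.
    using (OleDbConnection conn = new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" +
        "Data Source=" + Database))
    using (OleDbCommand command = conn.CreateCommand())
    {
        command.CommandType = CommandType.Text;
        command.CommandText = "Insert into tblPersonnel (UserIP, FormAccessed) values (?, ?)";
        // OLE DB binds "?" markers by position: UserIP first, then FormAccessed.
        // Binding keeps the form name out of the SQL text; null becomes "" to mirror
        // what string concatenation produced before.
        command.Parameters.AddWithValue("@UserIP", GetIP4Address());
        command.Parameters.AddWithValue("@FormAccessed", FormAccessed ?? string.Empty);

        conn.Open();
        command.ExecuteNonQuery();
    }
}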
答案 0 :(得分:1)
看起来你正在定义
public static dsPersonnel GetPersonnel
在同一个类中定义了两次。我怀疑你是想用双参数版本替换单参数版本,但在某个地方你仍在调用单参数版本。
我知道你并没有问这方面的意见,但我实在忍不住要说……
您应该将 OleDbConnection 包装在 using 块中,以确保它们一定会被关闭,如下所示:
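// Leaving the using block disposes the connection, which closes it even if a command throws.
using (OleDbConnection conn = new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" +
    "Data Source=" + Database))
{
    conn.Open();
    // ... create and execute the commands here ...
}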
不确定你的 strSearch 数据来自哪里,但下面这一行会让你的代码很容易遭受严重的 SQL 注入攻击:
// Vulnerable as written: strSearch is concatenated into the SQL text, so its content is parsed as SQL.
query = "select * from tblPersonnel where LastName = '" + strSearch + "'";
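您应该使用 SQL 参数或存储过程。例如把查询写成 select * from tblPersonnel where LastName = ?,再通过命令的 Parameters 集合传入 strSearch,这样输入只会被当作数据,而不会被当作 SQL 文本解析。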