0

您好,我总是使用 SQlcommand 进行非查询,但现在出了点问题,我不知道我有 3 个带有操作更新插入和删除的按钮,但我为所有 3 个操作创建了唯一方法,问题是它没有插入删除或更新:

private void operacao(String operacao) {
        String comando = "";
        con = new SqlConnection();
        WorksDataSet  dataset = new WorksDataSet();
        con.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Works.mdf;Integrated Security=True;User Instance=True;Asynchronous Processing=true";
        try
        {
            con.Open();

        }
        catch (SqlException cox) {
            MessageBox.Show(cox.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
        switch (operacao) { 
            case "inserir":

                try
                {
                    comando = "Insert Into Estudante (Codigo,Nome,Apelido) values(" + txtID.Text + ",'" + txtNome.Text + "','" + txtapelido.Text + "')";
                    SqlCommand command = new SqlCommand(comando, con);
                    SqlDataAdapter sda=new SqlDataAdapter(command);
                    command.CommandType = CommandType.Text;
                    sda.Fill(dataset);
                    command.ExecuteNonQuery();
                    command.Dispose();
                    MessageBox.Show("Adicionado com Sucesso", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                catch (SqlException sex) {
                    MessageBox.Show(sex.Message , this.Text,MessageBoxButtons.OK,MessageBoxIcon.Error );
                }

                break;

            case "apagar":
                comando = "delete from Estudante where Codigo=" + txtID;
                try
                {

                    SqlCommand command = new SqlCommand(comando, con);
                    command.BeginExecuteNonQuery();
                    MessageBox.Show("Removido com Sucesso", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                catch (SqlException sex)
                {
                    MessageBox.Show(sex.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
                break;
            case "atualizar":
                comando = "update table Estudante set nome='" + txtNome + "'^ apelido='" + txtapelido + "'";
                try
                {

                    SqlCommand command = new SqlCommand(comando, con);
                    command.BeginExecuteNonQuery();
                    MessageBox.Show("Actualizado com Sucesso", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                catch (SqlException sex)
                {
                    MessageBox.Show(sex.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
                break;
            default:
                break
                ;
        }
        con.Close();
    }
4

3 回答 3

4

您应该使用参数化查询。总是.....

这用于插入操作。

comando = "Insert Into Estudante (Codigo,Nome,Apelido) values(@id, @nome, @apelido");
SqlCommand command = new SqlCommand(comando, con);                     
command.Parameters.AddWithValue("@id", txtID.Text);
command.Parameters.AddWithValue("@nome", txtNome.Text);
command.Parameters.AddWithValue("@apelido", txtapelido.Text);
command.CommandType = CommandType.Text;                     
command.ExecuteNonQuery();

此处无需使用数据集或数据适配器。只是 ExecuteNonQuery

这是删除操作。

comando = "delete from Estudante where Codigo=@id";
SqlCommand command = new SqlCommand(comando, con);
command.Parameters.AddWithValue("@id", txtID.Text);
command.CommandType = CommandType.Text;
command.ExecuteNonQuery();

请注意,您应该传递 Text 属性,而不是整个 TextBox

这用于更新操作

comando = "update table Estudante set nome=@nome, apelido=@apelido where codigo=@id";
SqlCommand command = new SqlCommand(comando, con);
command.Parameters.AddWithValue("@id", txtID.Text);
command.Parameters.AddWithValue("@nome", txtNome.Text);
command.Parameters.AddWithValue("@apelido", txtapelido.Text);
command.CommandType = CommandType.Text;
command.ExecuteNonQuery();

这里也使用 Text 属性而不是 TextBox 对象

通过这种方式,您无需担心字符串参数中的引号,并且您关闭了
Sql 注入攻击的大门

于 2012-07-05T12:49:16.200 回答
1

要执行insert/delete/update语句,您只需要创建SqlCommandSqlConnection对象。DataSet并且DataAdapter是无用的。

要插入一行:

string cnstr=@"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Works.mdf;Integrated Security=True;User Instance=True;Asynchronous Processing=true";

using(SqlConnection con = new SqlConnection(cnstr))
 {
  string sql = "Insert Into Estudante (Codigo,Nome,Apelido) values(@Codigo,@Nome,@Apelido)";
  using(SqlCommand command= new SqlCommand(sql,con))
   {
     command.Parameters.Add("@Codigo",SqlDbType.Int).Value=txtID.Text;
     command.Parameters.Add("@Nome",SqlDbType.VarChar,30).Value=txtNome.Text;
     command.Parameters.Add("@Apelido",SqlDbType.VarChar,30).Value=txtapelido.Text;
     con.Open();
     cmd.ExecuteNonQuery();
     con.Close();
    }
 }
于 2012-07-05T12:51:51.370 回答
0

您正在调用 sqlDataAapter 的 Fill 方法来填充不必要的数据库。删除该语句并查看。那应该行得通。

于 2012-07-06T08:33:06.210 回答