0

我的数据库中有 2 个表,我需要以一种方法将数据保存到两个表中。执行以下方法时出现代码无法访问的错误。我需要有人告诉我如何将此语句添加为单个插入语句。顺便说一下,PC_QA_REPORT_1 有一个主键,PC_QA_REPORT_2 有一个外键,为此,Project_ID 是两个表中的公共列。

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.Text;
using System.Data.SqlClient;
using System.Xml;
using System.IO;
using System.Data;

namespace WcfService2
{
    // NOTE: You can use the "Rename" command on the "Refactor" menu to change the class name "Service1" in code, svc and config file together.
    public class Service1 : IService1
    {
        SqlConnection con = new SqlConnection("server = SP-DEV-MACHINE; Initial Catalog=The_Performance; Integrated Security=True");

        //public string GetData(int value)
        //{
        //    return string.Format("You entered: {0}", value);
        //}
        public string SubmitData(string pid, string ptitle, string date, string pqr, string pd, string ps, string pr, string pme, string pef, string pet, string psno, string pqs, string pds, string pmd, string pmr, string pmn)
        {



            SqlCommand cmd = new SqlCommand("INSERT INTO PC_QA_REPORT_1  (Project_ID, Project_Title, Date, Project_Quality_Rating, Project_Decision, Project_Strategic, Project_Relevant, Project_Monitoring_Eval, Project_Efficient, Project_Effective, Project_Sus_Nat_Own, Project_QA_Summary, Project_Document_Status) VALUES('" + pid + "','" + ptitle + "','" + date + "','" + pqr + "','" + pd + "','" + ps + "','" + pr + "','" + pme + "','" + pef + "','" + pet + "','" + psno + "','" + pqs + "','" + pds + "')", con);
            SqlCommand command = new SqlCommand("INSERT INTO PC_QA_REPORT_2 (Project_M_Date, Project_M_Responsibility,Project_M_Notes) VALUES('" + pmd + "','" + pmr + "','" + pmn + "')", con);

            con.Open();

            int i = cmd.ExecuteNonQuery();
            int x = command.ExecuteNonQuery();

            con.Close();
            return i.ToString();
            return x.ToString();

        }
        //public string MoreData(string pmd, string pmr, string pmn)
        //{

        //    SqlCommand command = new SqlCommand("INSERT INTO PC_QA_REPORT_2 (Project_M_Date, Project_M_Responsibility,Project_M_Notes) VALUES('" + pmd + "','" + pmr + "','" + pmn + "')", con);
        //    con.Open();
        //    int x = command.ExecuteNonQuery();
        //    con.Close();
        //    return x.ToString();
        //}

    }
}
4

4 回答 4

3

如果不使用两个 INSERT 语句,就不能插入两个表。这是不可能的。但是您可以将两个 INSERT 语句放入同一个 sql 命令对象并在一个事务中运行它们:

public int SubmitData(string pid, string ptitle, string date, string pqr, string pd, string ps, string pr, string pme, string pef, string pet, string psno, string pqs, string pds, string pmd, string pmr, string pmn)
{
    string sql = 
       "BEGIN TRANSACTION; " +

       "DECLARE @result int;"
       "INSERT INTO PC_QA_REPORT_1 (" +
         " Project_ID, Project_Title, Date, Project_Quality_Rating, Project_Decision, " +
         " Project_Strategic, Project_Relevant, Project_Monitoring_Eval, " + 
         " Project_Efficient, Project_Effective, Project_Sus_Nat_Own, " +
         " Project_QA_Summary, Project_Document_Status" +
      ") VALUES (" +
         "@pid, @ptitle, @date, @pqr, @pd, @ps, @pr, @pme, @pef, @pet, @psno, @pqs, @pds" + 
      ");" +
      " SET @result = @@rowcount; " +
      "INSERT INTO PC_QA_REPORT_2 (" + 
         " Project_M_Date, Project_M_Responsibility,Project_M_Notes" +
      ") VALUES(" + 
        " @pmd, @pmr, @pmn" +
      ");" + 
      " SELECT @result + @@rowcount; " +

      " COMMIT; ";

    //best to use a new connection object for each call to the database
    using (var con = new SqlConnection(" <connection string here> "))
    using (var cmd = new  SqlCommand(sql, con))
    {
        cmd.Parameters.Add("@pid", SqlDbType.Int).Value = int.Parse(pid);
        cmd.Parameters.Add("@ptitle", SqlDbType.NVarChar, 100).Value = ptitle;
        cmd.Parameters.Add("@date", SqlDbType.DateTime).Value = DateTime.Parse(date);
        cmd.Parameters.Add("@pqr", SqlDbType.Float).Value = double.Parse(pqr);
        cmd.Parameters.Add("@pd", SqlDbType.NVarChar, 5).Value = pd;
        //You can fill in the rest of the parameters on your own

        con.Open();
        return (int)cmd.ExecuteScalar();
     }
}

作为奖励,这也将修复原始代码中可怕的sql 注入漏洞。

于 2013-10-07T19:52:19.843 回答
1

A. 无法访问的代码是因为 2 个返回语句。一个方法只能返回一次。执行会在您返回后离开该方法,因此它之后的任何语句都是无法访问的代码。

B. 您构建 SQL 命令的方式容易出错并且容易受到 SQL 注入的影响,请尝试使用带有参数化查询的 SQL 参数。

前任。ParameterizedQuery = 插入 Table1 值(@param1、@param2、@param3....)

C. 从逻辑上讲,这是一个单一的插入 - 所以你应该考虑在数据库事务中做。如果第一个插入有效,而第二个由于某种原因失败 - 您最终可能会遇到错误的状态,具体取决于您的实际数据和要求。

于 2013-10-07T19:36:48.840 回答
1

关于同时执行两个查询:

    SqlCommand cmd = new SqlCommand("INSERT INTO PC_QA_REPORT_1  (Project_ID, Project_Title, Date, Project_Quality_Rating, Project_Decision, Project_Strategic, Project_Relevant, Project_Monitoring_Eval, Project_Efficient, Project_Effective, Project_Sus_Nat_Own, Project_QA_Summary, Project_Document_Status) VALUES('" + pid + "','" + ptitle + "','" + date + "','" + pqr + "','" + pd + "','" + ps + "','" + pr + "','" + pme + "','" + pef + "','" + pet + "','" + psno + "','" + pqs + "','" + pds + "')", con);
    SqlCommand command = new SqlCommand("INSERT INTO PC_QA_REPORT_2 (Project_M_Date, Project_M_Responsibility,Project_M_Notes) VALUES('" + pmd + "','" + pmr + "','" + pmn + "')", con);

command += "; " + cmd;
int x = command.ExecuteNonQuery();
con.Close()
return x;

^ 会工作。至于你得到的错误......你只能从一个函数中返回一件事。但是,您可以将整数作为参数传递(通过引用)并在函数内部修改它们以获取返回值

于 2013-10-07T19:44:52.163 回答
0

由于您的查询命令不接受返回值,因此通过使用 executenonquery,您应该能够在第一个 cmd 语句中使用一个长字符串。例如语句1;声明2。用分号分隔语句。

于 2013-10-07T19:28:16.287 回答