How To Update Data datagridview c# after Update database sql


Problem description

// Create the command first: assigning cmd afterwards discarded the earlier settings.
// The connection is passed to the constructor, so it is not set again.
cmd = new SqlCommand("update  TBL_InvoicContent set pid='" + txtpid.Text + "',remainder='" + txtremainder.Text + "' where  id_invoice= " + txtidincon.Text + "  and fk_id_product = " + txtidItems.Text + " ", sqlcon);
cmd.CommandType = CommandType.Text;

sqlcon.Open();
cmd.ExecuteNonQuery();
MessageBox.Show("Edited");
sqlcon.Close();

Recommended answer

I would suggest you use binding. There are many manuals; and the UI refresh problem (including DataGridView refresh) was discussed too many times; you will find a lot of material with code samples:
http://msdn.microsoft.com/en-us/library/2b4be09b.aspx (original MSDN article),
http://tech.pro/tutorial/664/csharp-tutorial-binding-a-datagridview-to-a-database,
http://csharp.net-informations.com/datagridview/csharp-datagridview-database-operations.htm,
http://stackoverflow.com/questions/21284548/how-to-synchronize-database-and-datagridview,
http://stackoverflow.com/questions/10888561/refresh-datagridview-win-forms-after-updating-the-database-from-a-child-form.

But you have a much worse problem with your query. Your approach is wrong from the very beginning. Your query is composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is a way more important issue: it opens the doors to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

—SA
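
The remedy the answer points to, as an added example that is not part of the original answer: the question's UPDATE rewritten with SqlParameter values, followed by a re-query that rebinds the grid. The table and column names are the question's; the column types and sizes, and the helper names InvoiceContentData, UpdateLine and ReloadGrid, are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

// Added example: table and column names come from the question; column types,
// sizes and the helper names are assumptions.
static class InvoiceContentData
{
    // Parameterized UPDATE: text box values travel as typed parameters and are
    // never spliced into the SQL text, so they cannot change the statement.
    public static int UpdateLine(string connectionString, string pid,
        string remainder, string invoiceIdText, string productIdText)
    {
        // Reject non-numeric keys before touching the database.
        if (!int.TryParse(invoiceIdText, out int invoiceId) ||
            !int.TryParse(productIdText, out int productId))
            throw new ArgumentException("Invoice id and product id must be integers.");

        const string sql =
            "UPDATE TBL_InvoicContent SET pid = @pid, remainder = @remainder " +
            "WHERE id_invoice = @invoiceId AND fk_id_product = @productId";

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@pid", SqlDbType.NVarChar, 50).Value = pid;
            cmd.Parameters.Add("@remainder", SqlDbType.NVarChar, 50).Value = remainder;
            cmd.Parameters.Add("@invoiceId", SqlDbType.Int).Value = invoiceId;
            cmd.Parameters.Add("@productId", SqlDbType.Int).Value = productId;
            con.Open();
            return cmd.ExecuteNonQuery();   // number of rows changed
        }
    }

    // Re-query and rebind so the grid shows what is now stored.
    public static void ReloadGrid(DataGridView grid, string connectionString, int invoiceId)
    {
        const string sql =
            "SELECT id_invoice, fk_id_product, pid, remainder " +
            "FROM TBL_InvoicContent WHERE id_invoice = @invoiceId";
        var table = new DataTable();
        using (var adapter = new SqlDataAdapter(sql, connectionString))
        {
            adapter.SelectCommand.Parameters.Add("@invoiceId", SqlDbType.Int).Value = invoiceId;
            adapter.Fill(table);            // Fill opens and closes the connection itself
        }
        grid.DataSource = table;
    }
}
```

Call UpdateLine from the button handler with the four text box values, then ReloadGrid when it returns a non-zero row count.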

