C#winform:向数据库访问发送CHECKBOX值 [英] C# winform : SEND CHECKBOX VALUE to DATABASE ACCESS
问题描述
Hye,这是我的代码,用于将复选框值更改为String并发送到数据库。但是,我无法保存到我的数据库。
谢谢你,
我的尝试:
使用System;
使用System.Collections.Generic;使用System.ComponentModel
;
使用System.Data;使用System.Drawing
;
使用System.Linq;
使用System.Text;
使用System.Threading.Tasks;
使用System.Windows.Forms;
使用System.Data.OleDb;
namespace Checkbox_Database
{
public partial class Form1:Form
{
// OPEN CONNECTION
OleDbConnection con = new的OleDbConnection(@ );
String gen;
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender,EventArgs e)
{
// TODO:这行代码将数据加载到'cHECKBOX_DATABASEDataSet.Table1'表中。您可以根据需要移动或删除它。
this.table1TableAdapter.Fill(this.cHECKBOX_DATABASEDataSet.Table1);
}
private void button1_Click(object sender,EventArgs e)
{
//复选框
if(checkBox1 .Checked == true)
{
gen =Male;
}
else if(checkBox2.Checked == true)
{
gen =female;
}
尝试
{
con.Open();
OleDbCommand cmd = con.CreateCommand();
cmd.CommandText =插入表1的值('+ textBox1.Text +','+ gen +');
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show(Record insert Succesfully);
}
catch(exception ex)
{
MessageBox.Show(ex.ToString());
}
}
}
}
< blockquote>不要这样做!永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。改为使用参数化查询。
由于你没有,你的INSERT也可能不起作用; t指定字段:
< pre lang =c#> cmd.CommandText = 插入Table1值(' + textBox1。文字+ ',' + gen + ');
当你这样插入时,SQL开始从第一列开始插入值 - 这很危险,因为如果由于任何原因,列被重新排序,您的代码插入错误的行并崩溃,或者更糟糕的是使用有效和无效数据的混合填充数据库。另外,如果您有一个IDENTITY列的行ID列,它们通常是第一列,您无法为它们设置值 - 如果您尝试,SQL会抱怨。
始终指定字段,始终使用参数化查询:
cmd.CommandText = INSERT INTO Table1(myColumn1,myColumn2)VALUES(@ V1,@ V2)
cmd.Parameters.AddWithValue( @ V1,textBox1.Text);
cmd.Parameters.AddWithValue( @ V2 .gen);
Hye, this is my code to change the checkbox value to String and send to Database. But, i cannot save to my database.
thank you,
What I have tried:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.OleDb;
namespace Checkbox_Database
{
public partial class Form1 : Form
{
//OPEN CONNECTION
OleDbConnection con = new OleDbConnection(@"");
String gen;
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
// TODO: This line of code loads data into the 'cHECKBOX_DATABASEDataSet.Table1' table. You can move, or remove it, as needed.
this.table1TableAdapter.Fill(this.cHECKBOX_DATABASEDataSet.Table1);
}
private void button1_Click(object sender, EventArgs e)
{
//Checkbox
if (checkBox1.Checked == true)
{
gen = "Male";
}
else if (checkBox2.Checked == true)
{
gen = "female";
}
try
{
con.Open();
OleDbCommand cmd = con.CreateCommand();
cmd.CommandText = "insert into Table1 values('" + textBox1.Text + "','"+ gen +"')";
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Record insert Succesfully");
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
}
}Don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
There is also the likelihood that your INSERT is not working beause you don;t specify the fields:
cmd.CommandText = "insert into Table1 values('" + textBox1.Text + "','"+ gen +"')";When you insert like this, SQL starts inserting values from the first column onward - which is dangerous, because if the columns get reordered for any reason, your code inserts into the wrong rows and either crashes, or worse fills your db with a mixture of valid and invalid data. Plus, if you have a row ID column which is an IDENTITY column say, they are generally the first column, and you can't set a value to them - SQL will complain if you try.
Always specify the fields, always use parameterised queries:
cmd.CommandText = "INSERT INTO Table1 (myColumn1, myColumn2) VALUES(@V1, @V2)" cmd.Parameters.AddWithValue("@V1", textBox1.Text); cmd.Parameters.AddWithValue("@V2". gen);
这篇关于C#winform:向数据库访问发送CHECKBOX值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
