How to show textbox result before save database


Problem description

con.Open();
SqlCommand cmd = new SqlCommand("INSERT INTO tblPurchase (Pur_No,Bill_Challan_No,Pur_Date,Sup_Name,Item_Name,Qty,Rate,Total)VALUES('" + textBox1.Text + "','" + textBox2.Text + "','" + dateTimePicker1.Value.ToString("MM/dd/yyyy") + "','" + textBox6.Text + "','" + textBox3.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox7.Text + "')", con);
cmd.ExecuteNonQuery();
MessageBox.Show("Purchase Succesfully", "Successfully", MessageBoxButtons.OK, MessageBoxIcon.Information);
Gridview();
con.Close();





What I have tried:

I want to show the result in the Total field before saving to the database.
Like Quantity*Rate=Total

Recommended answer

Don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead:
using (SqlCommand cmd = new SqlCommand("INSERT INTO tblPurchase (Pur_No,Bill_Challan_No,Pur_Date,Sup_Name,Item_Name,Qty,Rate,Total) VALUES (@PN, @BCN, @PD, @SN, @IN, @QTY, @RA, @TOT)", con))
   {
   // Every user-supplied value travels as a parameter, never as part of the SQL text.
   cmd.Parameters.AddWithValue("@PN", textBox1.Text);
   cmd.Parameters.AddWithValue("@BCN", textBox2.Text);
   cmd.Parameters.AddWithValue("@PD", dateTimePicker1.Value);
   cmd.Parameters.AddWithValue("@SN", textBox6.Text);
   cmd.Parameters.AddWithValue("@IN", textBox3.Text);
   cmd.Parameters.AddWithValue("@QTY", textBox4.Text);
   cmd.Parameters.AddWithValue("@RA", textBox5.Text);
   cmd.Parameters.AddWithValue("@TOT", textBox7.Text);
   cmd.ExecuteNonQuery();
   ...
   }



But even then, that's bad. Instead, your text boxes should be changed to values using TryParse methods and errors reported to the user first.

int qty;
if (!int.TryParse(textBox4.Text, out qty))
   {
   // ... report problem to user
   return;
   }

If you do that for all numeric values, then your problem of displaying (or just checking) that quantity times rate equaling the total becomes trivial - you already know how to do that.

BTW: Do yourself a favour, and stop using Visual Studio default names for everything - you may remember that "TextBox8" is the mobile number today, but when you have to modify it in three weeks' time, will you then? Use descriptive names - "tbMobileNo" for example - and your code becomes easier to read, more self documenting, easier to maintain - and surprisingly quicker to code because Intellisense can get to "tbMobile" in three keystrokes, where "TextBox8" takes thinking about and 8 keystrokes...


As pointed out by OriginalGriff, always use parameters. One reason is to be safe from SQL injections, but there are a few other things you should note:

- at the moment you rely on implicit conversions on date and numeric values. For example, if the default date format for the database isn't MM/dd/yyyy, your conversion from dateTimePicker1.Value.ToString("MM/dd/yyyy") will fail. The same happens for example if 1,5 is entered in rate.
- you don't examine errors at all, you should have proper try..catch blocks to handle common errors, for example unique constraint violations
- you don't dispose objects. The easiest way is to use using blocks in your code in order to ensure proper disposal of resources

For the problems mentioned above, have a look at Properly executing database operations

Now what comes to the Total field, I wouldn't necessarily use such column at all. If total is calculated based on Qty * Rate, I would create a computed column in the table instead. Currently if either quantity or rate changes you always need to update the total field correspondingly. Also you need to make sure that total cannot be edited; otherwise quantity and rate wouldn't make sense.

Having a computed column solves those problems, you always update the source values and the computation value is always correct based on the values of mother columns and is read-only. For more information, have a look at Specify Computed Columns in a Table
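
The points from both answers combined, as an added example that is not part of the original thread: the text is parsed with TryParse, Total is computed from Qty * Rate for display before saving, and the insert uses typed parameters, using blocks and a handler for unique constraint violations. The class and method names, the column types and sizes, and a unique constraint on Pur_No are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
static class PurchaseSaver
{
    const NumberStyles Ws = NumberStyles.AllowLeadingWhite | NumberStyles.AllowTrailingWhite;

    // Parse the Qty and Rate text; on success 'total' is the value to display before saving.
    public static bool TryComputeTotal(string qtyText, string rateText,
        out int qty, out decimal rate, out decimal total, out string error)
    {
        qty = 0; rate = 0m; total = 0m; error = null;
        if (!int.TryParse(qtyText, Ws, CultureInfo.CurrentCulture, out qty) || qty == 0)
        { error = "Quantity must be a positive whole number."; return false; }
        // No thousands separators allowed: "1,5" is 1.5 under a comma-decimal culture
        // and is rejected (not read as 15) under a point-decimal one.
        if (!decimal.TryParse(rateText, Ws | NumberStyles.AllowDecimalPoint, CultureInfo.CurrentCulture, out rate))
        { error = "Rate must be a non-negative number."; return false; }
        total = qty * rate;
        return true;
    }

    // Returns null on success, or a message for the user; other SqlExceptions propagate.
    public static string Save(string connectionString, string purNo, string challanNo,
        DateTime purDate, string supplier, string item, int qty, decimal rate)
    {
        const string sql = "INSERT INTO tblPurchase (Pur_No,Bill_Challan_No,Pur_Date,Sup_Name," +
            "Item_Name,Qty,Rate,Total) VALUES (@PN,@BCN,@PD,@SN,@IN,@QTY,@RA,@TOT)";
        try
        {
            using (var con = new SqlConnection(connectionString))
            using (var cmd = new SqlCommand(sql, con))
            {
                // Column types and sizes are assumptions; match them to the real table.
                cmd.Parameters.Add("@PN", SqlDbType.NVarChar, 50).Value = purNo;
                cmd.Parameters.Add("@BCN", SqlDbType.NVarChar, 50).Value = challanNo;
                cmd.Parameters.Add("@PD", SqlDbType.Date).Value = purDate.Date;
                cmd.Parameters.Add("@SN", SqlDbType.NVarChar, 100).Value = supplier;
                cmd.Parameters.Add("@IN", SqlDbType.NVarChar, 100).Value = item;
                cmd.Parameters.Add("@QTY", SqlDbType.Int).Value = qty;
                cmd.Parameters.Add("@RA", SqlDbType.Decimal).Value = rate;
                cmd.Parameters.Add("@TOT", SqlDbType.Decimal).Value = qty * rate; // never read from a text box
                con.Open();
                cmd.ExecuteNonQuery();
                return null;
            }
        }
        // 2627 / 2601: SQL Server unique constraint / unique index violations.
        catch (SqlException ex) when (ex.Number == 2627 || ex.Number == 2601)
        { return "A purchase with this number already exists."; }
    }
}
```

Calling TryComputeTotal from the TextChanged handlers of the quantity and rate boxes keeps the displayed total current; if Total is made a computed column as suggested above, drop it from the INSERT.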

