删除C＃应用程序中的两个字段 [英] Deleting two fields in a C# application

问题描述

 SqlConnection sqlCon =  new  SqlConnection（str）; 
 
  //  调用要删除的语句 
 SqlCommand sqlCmd =  new  SqlCommand（ 从Transfer中删除其中empno ='  + txt_Empno.Text +  '，sqlCon）; 
 sqlCmd.CommandType = System.Data.CommandType.Text; 

我需要在删除命令中包含第二个字段请协助





说 Trans_No 是一个文本名为 txt_Trans 的字段



请在上面的删除命令中包含它



我尝试了什么：



我重新访问了我之前的代码

解决方案

试试这个

 SqlConnection sqlCon =  new  SqlConnection （STR）; 
 SqlCommand sqlCmd =  new  SqlCommand（ 删除来自Transfer Where empno = @ empno和Trans_No = @ tranno，sqlCon）; 
 sqlCmd.Parameters.Add（  @ empno，txt_Empno.Text）; 
 sqlCmd.Parameters.Add（  @ tranno，txt_Trans.Text）; 
 sqlCmd.CommandType = System.Data.CommandType.Text; 

note ：你的代码是易受攻击到 SQL注入 [ ^ ]

总是使用参数化查询以防止SQL Server中的SQL注入攻击 [ ^ ]

首先，不要这样做。不要连接字符串以构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。改为使用参数化查询。

其次，根据两个子句删除很简单 - 只需使用AND：

  DELETE   FROM  MyTable  WHERE  Column1 =  1   AND  Column2 =  2  

在需要的地方使用 AND OR ：

 删除 来自传输其中​​ \\ tempno =   value1 和 trans_no =    value2 

SqlConnection sqlCon = new SqlConnection(str);

        //Call the statement to delete
        SqlCommand sqlCmd = new SqlCommand("Delete from Transfer  Where empno='" + txt_Empno.Text + "'", sqlCon);
        sqlCmd.CommandType = System.Data.CommandType.Text;

I need to include a second field in the delete command please assist


say Trans_No is a field with text name txt_Trans

Please include it in the delete command above

What I have tried:

I have revisited my earlier codes

解决方案

try this

SqlConnection sqlCon = new SqlConnection(str);
            SqlCommand sqlCmd = new SqlCommand("Delete from Transfer  Where empno=@empno and Trans_No=@tranno", sqlCon);
            sqlCmd.Parameters.Add("@empno", txt_Empno.Text);
            sqlCmd.Parameters.Add("@tranno", txt_Trans.Text);
            sqlCmd.CommandType = System.Data.CommandType.Text;

note: your code is Vulnerable to SQL Injection[^]
always use Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]

First off, don;t do that. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Second, to delete based on two clauses is simple - just use an AND:

DELETE FROM MyTable WHERE Column1 = 1 AND Column2 = 2

Use AND OR where needed :

Delete from Transfer Where empno = "value1" and trans_no = "value2"

这篇关于删除C＃应用程序中的两个字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！