Database sql and Csharp


Problem description


Hello everybody, I have to make a program where I can edit user, delete user, search user, create user, but I don't know how to make the Edit and Search code. This is where I got so far:

//create user
 private void button3_Click(object sender, EventArgs e)
 {
     if (!string.IsNullOrWhiteSpace(textBox4.Text))
     {
         Datahandler.dbOpen();


         string query = "SELECT * FROM Usertable WHERE (name = '" + textBox4.Text + "')";
         SqlDataReader reader = Datahandler.SqlReader(query);

         if (!reader.Read())
         {
             var md5 = new MD5CryptoServiceProvider();
             byte[] origninalBytes = ASCIIEncoding.Default.GetBytes("Lav Mig Om!!");
             byte[] md5bytes = md5.ComputeHash(origninalBytes);
             string md5string = BitConverter.ToString(md5bytes).Replace("-", "");

             reader.Close();
             Datahandler.query("INSERT INTO usertable (name, password) Values ('" + textBox4.Text + "', '" + md5string + "')");
             MessageBox.Show("Bruger Oprettet");
         }
         else
         {
             MessageBox.Show("Brugerern eksisterer allerede!");
             reader.Close();
         }
         Datahandler.dbClose();
         textBox4.Clear();
     }
     else
         MessageBox.Show("Skriv noget i tekstboksen, \nfør du prøver at lave en bruger.");
 }

 //delete user
 private void button4_Click(object sender, EventArgs e)
 {
     if (!string.IsNullOrWhiteSpace(textBox4.Text))
     {
         Datahandler.dbOpen();

         string query = "DELETE Usertable WHERE (name = '" + textBox4.Text + "')";
         Datahandler.query(query);
         Datahandler.dbClose();
     }
     else
         MessageBox.Show("Indtast et navn før du \nprøver på at slette en bruger");
 }

Recommended answer

First things first.

Two changes I strongly recommend you make:
1) Stop using the VS default names for controls - you make your life a lot harder. Sure, you can remember today that textBox4 is the username, and the button4 is delete user, but will you remember that next week? Change the names of the controls, and change the names of the event handlers to something that tells you what they do:
textBox4      -> tbUsername
button4       -> butDeleteUser
button4_Click -> butDeleteUser_Click



2) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.


Then, Edit is a simple matter of using an SQL UPDATE command instead of INSERT, and Search is what you are doing at the top of your button3_Click method: The select statement does a primitive search for the username. You may want to look at using the LIKE clause though.
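
The advice above (parameterized queries, UPDATE for Edit, LIKE for Search), as an added example that is not part of the original answer. Only Usertable and its name column come from the question; the class and method names, the varchar(50) column type and the connection string are assumptions.

```csharp
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Added example: parameterized Edit and Search against Usertable(name, password).
// UserRepository and its method names are hypothetical, not from the question.
public sealed class UserRepository
{
    private readonly string _connectionString; // assumption: supplied by the caller

    public UserRepository(string connectionString) { _connectionString = connectionString; }

    // Edit: rename a user. Returns the number of rows changed (0 = no such user).
    public int RenameUser(string oldName, string newName)
    {
        const string sql = "UPDATE Usertable SET name = @newName WHERE name = @oldName";
        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Values travel as typed parameters and never become part of the SQL text.
            cmd.Parameters.Add("@newName", SqlDbType.VarChar, 50).Value = newName;
            cmd.Parameters.Add("@oldName", SqlDbType.VarChar, 50).Value = oldName;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    // Search: substring match on the user name with LIKE.
    public List<string> SearchUsers(string fragment)
    {
        // Parameters stop injection, but [, % and _ are still LIKE wildcards.
        // Bracket-escape them ([ first) so the typed text is matched literally.
        string literal = fragment.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
        const string sql = "SELECT name FROM Usertable WHERE name LIKE @pattern ORDER BY name";
        var names = new List<string>();
        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Size 200 leaves room for escaping: 50 chars can grow to 150, plus two %.
            cmd.Parameters.Add("@pattern", SqlDbType.VarChar, 200).Value = "%" + literal + "%";
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
                while (reader.Read())
                    names.Add(reader.GetString(0));
        }
        return names;
    }
}
```

With this shape a name such as `O'Brien` or `x'); DROP TABLE Usertable;--` is stored and searched as plain data, and a search for `50%` finds only names containing that literal text.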


Hi,


Define a primary key column on your table. Then through this unique value edit, update and search your records.

I am just giving you an example:

Create table test using the TESTDB database.

USE [TESTDB]
GO
/****** Object:  Table [dbo].[test]    Script Date: 12/07/2011 13:43:47 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [dbo].[test](
	[slno] [int] NOT NULL,
	[name] [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
	[password] [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
 CONSTRAINT [PK_test] PRIMARY KEY CLUSTERED 
(
	[slno] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO
SET ANSI_PADDING OFF 




Here slno is unique. I am just writing the SQL to update the database:

Update test set name='value1', password='value2' where slno = 1

In the same way, to search for a record in the database table write this:

Select * from test where slno = 1



If you understand this example you can implement edit and search easily.
To make edit user, only change the update query from your create user code.

