选择命令的ASP.NET类代码 [英] ASP.NET class code for select command

问题描述

有人可以帮我吗?

Can any one help me for this:

public static void SelectMembers(string username)
    {
        SqlConnection con = Database.GetConnection();
        SqlCommand cmd = new SqlCommand("select * from members where username=@" + username + "", con);
        cmd.ExecuteNonQuery();
    }

我在类文件中使用了此函数，但是我想在sqldatareader中使用此函数，如何在sqldatareader中调用它.
例如:

I use this function in a class file, but I want to use this function in sqldatareader, how can I call it in sqldatareader.
Ex:

SqlDataReader dr=cmd.ExecuteReader();

但是现在我该如何调用该功能????因为现在我在此文件中没有cmd.它仅用类文件编写.

but now this function how can i call???? Because now i have no cmd in this file. its written in only class file.

推荐答案

这没有什么意义.
您有一个函数SelectMembers，该函数(很容易受到SQL注入攻击)获取其用户名与参数匹配的成员数的计数，然后将其丢弃.

然后，您想做一些不同的事情，但是您无法访问该方法的内部.

你想做什么?

如果要阅读成员详细信息，则将两个代码片段剪切并粘贴在一起，然后创建一个新方法:

That doesn''t make a lot of sense.
You have a function SelectMembers that (badly, and prone to SQL Injection attack) gets the count of the number of members whose username matches the parameter, and then throws it away.

Then you want to do something different, but you can''t access the internals of the method.

What are you trying to do?

If you want to read the member details, then cut and paste your two code fragments together and create a new method:

public static void SelectMembersAndActuallyReadThemThisTime(string username)
    {
        SqlConnection con = Database.GetConnection();
        SqlCommand cmd = new SqlCommand("select * from members where username=@" + username + "", con);
        SqlDataReader dr=cmd.ExecuteReader();
        while (dr.Read())
            {
            ...
            }
    }

更好的是，改为使用参数化查询:

Better still, use Parametrized Queries instead:

public static void SelectMembersAndActuallyReadThemThisTime(string username)
    {
        SqlConnection con = Database.GetConnection();
        SqlCommand cmd = new SqlCommand("select * from members where username=@UN", con);
        cmd.Parameters.AddWithValue("@UN", username);
        SqlDataReader dr=cmd.ExecuteReader();
        while (dr.Read())
            {
            ...
            }
    }

从OP更新:

如果我已经在类文件中声明了sqldatareader，那么我该如何比较另一种形式的文本字段中的变量?
像:

Update from OP:

"if i have declare the sqldatareader in class file then how can i compare variables from another form textfield
like:

if (dr["username"].ToString() == txtUserNamr.Text)

我如何从member.aspx访问txtUserName到类文件"

简而言之:不要.

较长的版本:不要这样做.如果您开始访问类中的表单变量，则会将两者联系在一起:如果不更改另一个变量，则无法对其进行更改.这会降低可重用性，并使维护更加困难，并有可能降低可靠性.

为什么需要?

您将用户名传递给您的例程，不是吗?那就是用户名"参数的意思，不是吗?
如果不是，它是干什么用的?
您已经从数据库中过滤了结果，因此它仅返回具有该用户名的记录:那么将其与其他值进行比较的意义何在?

how can i access txtUserName from member.aspx to class file"

In short: Don''t.

The longer version: Don''t do it. If you start accessing form variables in your class, you ties the two together: you cannot make changes to one without changing the other. This reduces reusability, and makes maintenance harder, as well as potentially reducing reliability.

Why do you need to?

You pass the username through to your routine, don''t you? That is what the "username" parameter is for, isn''t it?
If it isn''t, what is it for?
You have already filtered the results from your database so it only returns the records that have that username: So where is the point in comparing it against a different value?

 SqlConnection con = Database.GetConnection();
SqlDataAdapter adp = new SqlDataAdapter("select * from members where username=@" + username + "",con);
       DataSet ds = new DataSet();
        adp.Fill(ds);

希望对您有所帮助.

Hope this can help you.

mssqlserver for select

mssqlserver in code for select

create procedure select_employee6(@empid int,
                                  @empcode varchar(20),@empname varchar(20))
as
select * from employee

C#中的类代码

classcode in c#

public DataSet select()
    {
        Connection c = new Connection();
        //SqlCommand cmd = new SqlCommand("select_employee", c.con);
        SqlDataAdapter da = new SqlDataAdapter("select_employee6", c.con1 );
        da.SelectCommand.CommandType = CommandType.StoredProcedure;
        DataSet ds = new DataSet();
        da.Fill(ds);
        return ds;
    }

asp.net页面加载中的designpage代码，然后在
内部创建一种方法

designpage code in asp.net pageload and one method is created then inside the

private void bind()
    {
        tech t = new tech();
        DataSet ds = t.select();
        GridView1.DataSource = ds;
        GridView1.DataBind();
    }

在上面的序列中，此行的类代码中发生了一些错误

da.fill(ds);
如何发生错误.否则
您是否有可能为我的邮件编写代码anwar.anwa86@gmail.com
给我一个主意
如何获得结果

some errors occured in classcode in this line in above sequence

da.fill(ds);
how to get errors occured . otherwise
is it possible u get a idea for me in write the code for my mail anwar.anwa86@gmail.com

how to get the result

这篇关于选择命令的ASP.NET类代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！