如何使用C＃.net更新从表中的数据 [英] how to update data from table using C#.net

问题描述

我有一个形式打开其中已入住箱装一些数据（如用户名，CNIC，联络电话，等等等等），现在我想更新的方式，将数据我只是更改文本文本框，然后点击保存更改保存它。我试过，但我不能做这件事正确的方式。

I've a form opened which is has loaded some sort of data (like username, CNIC, Contact no, etc etc) in Check boxes, now I want to update the data in such manner that I simply change the text in the text boxes and click on the save changes to save it. I've tried it but I am not able to do it in correct manner.

让我告诉你我是如何编码的，在我的SaveChanges frmViewformList没有按钮代码是：

Let me show you how I've coded, the code I did in frmViewformList savechanges button is :

private void btnSaveChanges_Click(object sender, EventArgs e)
{
    string sql;
    string UserName;


    UserName = txtUserName.Text; // saving data loaded on run time to UserName 

    sql = "";
    sql += "UPDATE UserLogin";
    sql += "SET Name = "+ //how to access data I've changed in TextBox after loading +"";
    sql += "WHERE Name= " + //how to access data which was in text box right after loading + "";  //
}

我有点困惑如何引用数据，如名称已经在文本框中或者我已经改变了名称，以及如何写SQL查询...

I am a bit confused about how to refer to data, like the name already in the text box or the name which I have changed and how to write it in SQL query...

这问题有点混乱，我知道。让我解释;形式加载，还有一些是在加载事件数据库中填充数据的文本框，我改变文本框的数据并保存在点击，以便更新查询运行，并在数据库中更改数据也是如此。
我不能在这里创建逻辑如何做到这一点，任何一个可以帮助我，我很抱歉，我的C＃这就是为什么我有点糊涂了一个新的开发。

This question is a bit confusing, I know. Let me explain; the form is loaded, there are text boxes which is being populated with the data in database on load event, I change the data in text boxes and save on click so that the update query runs and changes the data in database as well. I'm not able to create logic here how to do this, can any one help me out, I am sorry I am a new developer of C# that's why I am a bit confused.

推荐答案

您应该使用SQL参数，以避免SQL注入可能会令你的数据库容易受到恶意利用。

You should use Sql Parameters in order to avoid SQL Injection which could leave your database vulnerable to malicious exploitation.

这是这样你就不必重复代码，这样就可以保持你的代码更易于分离逻辑执行更新到您创建查询逻辑是个好主意。

It's a good idea to separate the logic for performing the update to the logic where you create your query so you don't have to repeat code and so that you can maintain your code easier.

下面是可以参考的例子：

Here is an example you can reference:

public void DoWork()
{
    // Build Query Use @Name Parameters instead of direct values to prevent SQL Injection
    StringBuilder sql = new StringBuilder();
    sql.Append("UPDATE UserLogin");
    sql.Append("SET Name = @UpdatedName");
    sql.Append("WHERE Name = @Name");

    // Create parameters with the value you want to pass to SQL
    SqlParameter name = new SqlParameter("@Name", "whatEverOldNameWas");
    SqlParameter updatedName = new SqlParameter("@UpdatedName", txtUserName.Text);

    Update(sql.ToString(), new [] { name, updatedName });
}

private static readonly string connectionString   = "Your connection string"
private static readonly DbProviderFactory factory = DbProviderFactories.GetFactory("System.Data.SqlClient");

public static int Update(string sql, SqlParameter[] parameters)
{
    try
    {
        using (DbConnection connection = factory.CreateConnection())
        {
            connection.ConnectionString = connectionString;
            using (DbCommand command = factory.CreateCommand())
            {
                command.Connection  = connection;
                command.CommandText = sql;

                foreach (var parameter in parameters)
                {
                    if (parameter != null)
                        command.Parameters.Add(parameter);
                }

                connection.Open();
                return command.ExecuteNonQuery();
            }
        }
    }
    catch (Exception)
    {
        throw;
    }
}

这篇关于如何使用C＃.net更新从表中的数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！