执行的SqlCommand查询更新不及时删除和插入 [英] sqlcommand execute query not updating deleting and inserting

问题描述

您好我一直使用的SqlCommand非查询，但现在有些不对劲，我不知道我有业务更新插入3个按钮和删除，但我创造了独特的方法对所有3操作，问题是，它不插入删除或更新

 私人无效operacao（字符串operacao）{
字符串COMANDO =; 
 CON =新的SqlConnection（）; 
 WorksDataSet数据=新WorksDataSet（）; 
 con.ConnectionString = @数据源= .\SQLEXPRESS; AttachDbFilename = | DataDirectory目录| \Works.mdf;集成安全=真;用户实例=真;异步处理=真; 
试
 {
 con.Open（）; 
 
} 
赶上（SQLEXCEPTION COX）{
 MessageBox.Show（cox.Message，this.Text，MessageBoxButtons.OK，MessageBoxIcon.Error）; 
} 
开关（operacao）{
案inserir：
 
试
 {
 COMANDO =INSERT INTO Estudante（Codigo，诺姆，Apelido）值（+ txtID.Text +，'+ txtNome.Text +，+ txtapelido.Text +'）; 
的SqlCommand命令=新的SqlCommand（COMANDO，CON）; 
 SqlDataAdapter的SDA =新SqlDataAdapter的（命令）; 
 command.CommandType = CommandType.Text; 
 sda.Fill（数据）; 
 command.ExecuteNonQuery（）; 
 command.Dispose（）; 
 MessageBox.Show（Adicionado COM Sucesso的，this.Text，MessageBoxButtons.OK，MessageBoxIcon.Information）; 
} 
赶上（SQLEXCEPTION性）{
 MessageBox.Show（sex.Message，this.Text，MessageBoxButtons.OK，MessageBoxIcon.Error）; 
} 
 
中断; 
 
案apagar：
 COMANDO =从Estudante删去Codigo =+ txtID; 
试
 {
 
的SqlCommand命令=新的SqlCommand（COMANDO，CON）; 
 command.BeginExecuteNonQuery（）; 
 MessageBox.Show（Removido COM Sucesso的，this.Text，MessageBoxButtons.OK，MessageBoxIcon.Information）; 
} 
赶上（SQLEXCEPTION性）
 {
 MessageBox.Show（sex.Message，this.Text，MessageBoxButtons.OK，MessageBoxIcon.Error）; 
} 
中断; 
案|刷新：
 COMANDO =更新表Estudante设置诺姆='+ txtNome +'^ apelido ='+ txtapelido +'; 
试
 {
 
的SqlCommand命令=新的SqlCommand（COMANDO，CON）; 
 command.BeginExecuteNonQuery（）; 
 MessageBox.Show（Actualizado COM Sucesso的，this.Text，MessageBoxButtons.OK，MessageBoxIcon.Information）; 
} 
赶上（SQLEXCEPTION性）
 {
 MessageBox.Show（sex.Message，this.Text，MessageBoxButtons.OK，MessageBoxIcon.Error）; 
} 
中断; 
默认：
突破
; 
} 
 con.Close（）; 
} 
  

解决方案

您应该使用参数化查询。 ALWAYS .....

本作的OP插入

  COMANDO =INSERT INTO Estudante（Codigo，诺姆，Apelido）值（@id，@nome，@apelido）; 
的SqlCommand命令=新的SqlCommand（COMANDO，CON）; 
 command.Parameters.AddWithValue（@ ID，txtID.Text）; 
 command.Parameters.AddWithValue（@诺姆，txtNome.Text）; 
 command.Parameters.AddWithValue（@ apelido，txtapelido.Text）; 
 command.CommandType = CommandType.Text; 
 command.ExecuteNonQuery（）; 
  

没有必要用一个数据集或这里的DataAdapter。只是为ExecuteNonQuery

这对于删除操作。

  COMANDO = 从哪里Estudante = Codigo @ ID删除; 
的SqlCommand命令=新的SqlCommand（COMANDO，CON）; 
 command.Parameters.AddWithValue（@ ID，txtID.Text）; 
 command.CommandType = CommandType.Text; 
 command.ExecuteNonQuery（）; 
  

请注意，你应该通过Text属性，而不是整个文本框

这对于更新运算

  COMANDO =更新表Estudante设置诺姆= @诺姆，apelido = @apelido哪里codigo = @ ID; 
的SqlCommand命令=新的SqlCommand（COMANDO，CON）; 
 command.Parameters.AddWithValue（@ ID，txtID.Text）; 
 command.Parameters.AddWithValue（@诺姆，txtNome.Text）; 
 command.Parameters.AddWithValue（@ apelido，txtapelido.Text）; 
 command.CommandType = CommandType.Text; 
 command.ExecuteNonQuery（）; 
  

下面还，使用Text属性而不是文本框对象

在这种方式，你不必担心你的字符串PARAMS报价和你关上门到

的 SQL注入攻击

Hello i always use SQlcommand for non query but now something wrong i dont know what i have 3 buttons with operations update insert and delete but i created unique method for all 3 operations, the problem is it doesn't insert delete or update:

private void operacao(String operacao) {
        String comando = "";
        con = new SqlConnection();
        WorksDataSet  dataset = new WorksDataSet();
        con.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Works.mdf;Integrated Security=True;User Instance=True;Asynchronous Processing=true";
        try
        {
            con.Open();

        }
        catch (SqlException cox) {
            MessageBox.Show(cox.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
        switch (operacao) { 
            case "inserir":

                try
                {
                    comando = "Insert Into Estudante (Codigo,Nome,Apelido) values(" + txtID.Text + ",'" + txtNome.Text + "','" + txtapelido.Text + "')";
                    SqlCommand command = new SqlCommand(comando, con);
                    SqlDataAdapter sda=new SqlDataAdapter(command);
                    command.CommandType = CommandType.Text;
                    sda.Fill(dataset);
                    command.ExecuteNonQuery();
                    command.Dispose();
                    MessageBox.Show("Adicionado com Sucesso", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                catch (SqlException sex) {
                    MessageBox.Show(sex.Message , this.Text,MessageBoxButtons.OK,MessageBoxIcon.Error );
                }

                break;

            case "apagar":
                comando = "delete from Estudante where Codigo=" + txtID;
                try
                {

                    SqlCommand command = new SqlCommand(comando, con);
                    command.BeginExecuteNonQuery();
                    MessageBox.Show("Removido com Sucesso", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                catch (SqlException sex)
                {
                    MessageBox.Show(sex.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
                break;
            case "atualizar":
                comando = "update table Estudante set nome='" + txtNome + "'^ apelido='" + txtapelido + "'";
                try
                {

                    SqlCommand command = new SqlCommand(comando, con);
                    command.BeginExecuteNonQuery();
                    MessageBox.Show("Actualizado com Sucesso", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                catch (SqlException sex)
                {
                    MessageBox.Show(sex.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
                break;
            default:
                break
                ;
        }
        con.Close();
    }

解决方案

You should use parametrized query. ALWAYS.....

this for the insert op.

comando = "Insert Into Estudante (Codigo,Nome,Apelido) values(@id, @nome, @apelido");
SqlCommand command = new SqlCommand(comando, con);                     
command.Parameters.AddWithValue("@id", txtID.Text);
command.Parameters.AddWithValue("@nome", txtNome.Text);
command.Parameters.AddWithValue("@apelido", txtapelido.Text);
command.CommandType = CommandType.Text;                     
command.ExecuteNonQuery(); 

No need to use a dataset or a dataadapter here. just the ExecuteNonQuery

this for the delete op.

comando = "delete from Estudante where Codigo=@id";
SqlCommand command = new SqlCommand(comando, con);
command.Parameters.AddWithValue("@id", txtID.Text);
command.CommandType = CommandType.Text;
command.ExecuteNonQuery();                     

Notice that you should pass the Text property, not the whole TextBox

this for the update op

comando = "update table Estudante set nome=@nome, apelido=@apelido where codigo=@id";
SqlCommand command = new SqlCommand(comando, con);
command.Parameters.AddWithValue("@id", txtID.Text);
command.Parameters.AddWithValue("@nome", txtNome.Text);
command.Parameters.AddWithValue("@apelido", txtapelido.Text);
command.CommandType = CommandType.Text;
command.ExecuteNonQuery();                     

Here also, use the Text property not the TextBox object

In this way you don't need to worry about quotes in your string params and you close the door to
Sql Injection Attacks

这篇关于执行的SqlCommand查询更新不及时删除和插入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！