C# 2个SQL命令插入和更新到不同的表
有2个sql命令,其中包含用于不同表的命令。 这是我的密码C# 2个SQL命令插入和更新到不同的表,c#,mysql,sql-server,ms-access,C#,Mysql,Sql Server,Ms Access,有2个sql命令,其中包含用于不同表的命令。 这是我的密码 private void button1_Click(object sender, EventArgs e) { string txtbx9 = textBox9.Text.ToString(); string cmbbx2 = comboBox2.SelectedItem.ToString(); string name = textBox1.Text.ToString();
private void button1_Click(object sender, EventArgs e)
{
string txtbx9 = textBox9.Text.ToString();
string cmbbx2 = comboBox2.SelectedItem.ToString();
string name = textBox1.Text.ToString();
string surname = textBox2.Text.ToString();
string company = textBox3.Text.ToString();
string txtbx8 = textBox8.Text.ToString();
string sts = "In House";
try
{
connection.Open();
MessageBox.Show("Payment approved.");
richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
string rtb = richTextBox1.Text.ToString();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES('" + name + "','" + surname + "','" + company + "','" + txtbx8 + "', '" + txtbx9 + "', '" + cmbbx2 + "', '" + rtb + "', '" + label12.Text.ToString() + "', '" + this.dateTimePicker1.Value +"','"+textBox4.Text.ToString()+"','"+textBox5.Text.ToString()+"','"+textBox6.Text.ToString()+"')"; ;
command.ExecuteNonQuery();
command.CommandType = CommandType.Text;
command.CommandText = "UPDATE guestreg SET g_paidstatus='Paid '"+txtbx9+"'' where g_name ='"+name+"' and g_status = '"+sts"'";
command.Connection = connection;
connection.Open();
command.ExecuteNonQuery();
}
如何将这两个命令一起执行?
程序执行第一个sql命令,但不执行第二个您可以在on命令中执行这两个命令:
try
{
connection.Open();
MessageBox.Show("Payment approved.");
richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
string rtb = richTextBox1.Text.ToString();
command.Connection = connection;
command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES('" + name + "','" + surname + "','" + company + "','" + txtbx8 + "', '" + txtbx9 + "', '" + cmbbx2 + "', '" + rtb + "', '" + label12.Text.ToString() + "', '" + this.dateTimePicker1.Value +"','"+textBox4.Text.ToString()+"','"+textBox5.Text.ToString()+"','"+textBox6.Text.ToString()+"')";
command.CommandText += "\nUPDATE guestreg SET g_paidstatus='Paid '"+txtbx9+"'' where g_name ='"+name+"' and g_status = '"+sts"'";
command.ExecuteNonQuery();
}
或者一个接一个地执行它们:
try
{
connection.Open();
MessageBox.Show("Payment approved.");
richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
string rtb = richTextBox1.Text.ToString();
command.Connection = connection;
command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES('" + name + "','" + surname + "','" + company + "','" + txtbx8 + "', '" + txtbx9 + "', '" + cmbbx2 + "', '" + rtb + "', '" + label12.Text.ToString() + "', '" + this.dateTimePicker1.Value +"','"+textBox4.Text.ToString()+"','"+textBox5.Text.ToString()+"','"+textBox6.Text.ToString()+"')";
command.ExecuteNonQuery();
command.CommandText = "UPDATE guestreg SET g_paidstatus='Paid '"+txtbx9+"'' where g_name ='"+name+"' and g_status = '"+sts"'";
command.ExecuteNonQuery();
}
编辑:
正如Steve提到的(他绝对正确),参数应该作为SqlParameters
传递。其好处是可以更好地防止SQL注入,而且您可以确信,像“O'Neil”这样的意外输入不会破坏您的代码(参数名称可能更好):
您可以在on命令中执行这两个命令:
try
{
connection.Open();
MessageBox.Show("Payment approved.");
richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
string rtb = richTextBox1.Text.ToString();
command.Connection = connection;
command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES('" + name + "','" + surname + "','" + company + "','" + txtbx8 + "', '" + txtbx9 + "', '" + cmbbx2 + "', '" + rtb + "', '" + label12.Text.ToString() + "', '" + this.dateTimePicker1.Value +"','"+textBox4.Text.ToString()+"','"+textBox5.Text.ToString()+"','"+textBox6.Text.ToString()+"')";
command.CommandText += "\nUPDATE guestreg SET g_paidstatus='Paid '"+txtbx9+"'' where g_name ='"+name+"' and g_status = '"+sts"'";
command.ExecuteNonQuery();
}
或者一个接一个地执行它们:
try
{
connection.Open();
MessageBox.Show("Payment approved.");
richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
string rtb = richTextBox1.Text.ToString();
command.Connection = connection;
command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES('" + name + "','" + surname + "','" + company + "','" + txtbx8 + "', '" + txtbx9 + "', '" + cmbbx2 + "', '" + rtb + "', '" + label12.Text.ToString() + "', '" + this.dateTimePicker1.Value +"','"+textBox4.Text.ToString()+"','"+textBox5.Text.ToString()+"','"+textBox6.Text.ToString()+"')";
command.ExecuteNonQuery();
command.CommandText = "UPDATE guestreg SET g_paidstatus='Paid '"+txtbx9+"'' where g_name ='"+name+"' and g_status = '"+sts"'";
command.ExecuteNonQuery();
}
编辑:
正如Steve提到的(他绝对正确),参数应该作为SqlParameters
传递。其好处是可以更好地防止SQL注入,而且您可以确信,像“O'Neil”这样的意外输入不会破坏您的代码(参数名称可能更好):
你可以用这个。您必须创建两次命令
private void button1_Click(object sender, EventArgs e)
{
string txtbx9 = textBox9.Text.ToString();
string cmbbx2 = comboBox2.SelectedItem.ToString();
string name = textBox1.Text.ToString();
string surname = textBox2.Text.ToString();
string company = textBox3.Text.ToString();
string txtbx8 = textBox8.Text.ToString();
string sts = "In House";
try
{
connection.Open();
MessageBox.Show("Payment approved.");
richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
string rtb = richTextBox1.Text.ToString();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES('" + name + "','" + surname + "','" + company + "','" + txtbx8 + "', '" + txtbx9 + "', '" + cmbbx2 + "', '" + rtb + "', '" + label12.Text.ToString() + "', '" + this.dateTimePicker1.Value +"','"+textBox4.Text.ToString()+"','"+textBox5.Text.ToString()+"','"+textBox6.Text.ToString()+"')"; ;
command.ExecuteNonQuery();
command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "UPDATE guestreg SET g_paidstatus='Paid '"+txtbx9+"'' where g_name ='"+name+"' and g_status = '"+sts"'";
command.ExecuteNonQuery();
}
}
你可以用这个。您必须创建两次命令
private void button1_Click(object sender, EventArgs e)
{
string txtbx9 = textBox9.Text.ToString();
string cmbbx2 = comboBox2.SelectedItem.ToString();
string name = textBox1.Text.ToString();
string surname = textBox2.Text.ToString();
string company = textBox3.Text.ToString();
string txtbx8 = textBox8.Text.ToString();
string sts = "In House";
try
{
connection.Open();
MessageBox.Show("Payment approved.");
richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
string rtb = richTextBox1.Text.ToString();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES('" + name + "','" + surname + "','" + company + "','" + txtbx8 + "', '" + txtbx9 + "', '" + cmbbx2 + "', '" + rtb + "', '" + label12.Text.ToString() + "', '" + this.dateTimePicker1.Value +"','"+textBox4.Text.ToString()+"','"+textBox5.Text.ToString()+"','"+textBox6.Text.ToString()+"')"; ;
command.ExecuteNonQuery();
command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "UPDATE guestreg SET g_paidstatus='Paid '"+txtbx9+"'' where g_name ='"+name+"' and g_status = '"+sts"'";
command.ExecuteNonQuery();
}
}
有很多方法可以做到这一点,但对我来说,最简单的方法是关闭并重新这样做:
SqlCommand importCommand = new SqlCommand("select * from * ", connection);
SqlDataReader sqlDR = importCommand.ExecuteReader();
int index = 0;
while (sqlDR.Read()) { //something }
sqlDR.Close();
index = 0;
importCommand = new SqlCommand("select * from * ", connection);
sqlDR = importCommand.ExecuteReader();
sqlDR.Close();
有很多方法可以做到这一点,但对我来说,最简单的方法是关闭并重新这样做:
SqlCommand importCommand = new SqlCommand("select * from * ", connection);
SqlDataReader sqlDR = importCommand.ExecuteReader();
int index = 0;
while (sqlDR.Read()) { //something }
sqlDR.Close();
index = 0;
importCommand = new SqlCommand("select * from * ", connection);
sqlDR = importCommand.ExecuteReader();
sqlDR.Close();
您可以删除第二个
command.Connection=Connection;connection.Open()代码>,只需更改命令并再次执行,然后记得关闭连接。这是针对MySql、Sql Server还是MS Access?使用MySql/SQLServer,您可以使用两条Sql语句生成一条命令。这是无法访问的。您的问题是第二个连接已打开,而该连接已关闭open@stuartd在尝试之后有一个{
第二个ExecuteNonQuery
@stuartd之前还有一个,谢谢!一切都好worked@KeyurPATEL一切正常!非常感谢!!!你说得对!你可以删除第二个command.Connection=Connection;Connection.Open();
,只需更改命令并再次执行,然后记得关闭连接。这是针对MySql、Sql Server还是MS Access?对于MySql/Sql Server,您可以使用两个Sql语句执行一个命令。对于Access,这是不可能的。您的问题是,当连接已打开时,第二个连接已打开open@stuartd在try{
之后有一个,在第二个ExecuteNonQuery
之前有一个,谢谢!一切都好worked@KeyurPATEL一切正常!非常感谢!!!你说得对!这对MS Access不起作用(而且你忘记了两个命令文本之间的分号)我不知道这是为了访问。在SQL Server上,命令之间不需要分号OP标记了3个数据库。只有他/她知道,但我的第二个建议(编辑后)如果你不想给出完整的答案并推荐最佳实践,那么你就没有兴趣让你的答案成为未来读者的好参考,因此你应该期待有人批评你的工作这对MS Access不起作用(而且你忘记了两个命令文本之间的分号)我不知道这是为了访问。在SQL Server上,命令之间不需要分号OP标记了3个数据库。只有他/她知道,但我的第二个建议(编辑后)如果你不愿意给出完整的答案并推荐最佳实践,那么你就没有兴趣让你的答案成为未来读者的好参考,因此你应该期待有人批评你的工作