C#: update if the value exists, otherwise insert the value into the database
Tags: c#, sql-server, if-statement, sql-update, sql-insert

I have a problem: if there are values in 4 of my text boxes - ID, room type, rate, extra charge - then if the room type exists in the database, update it, and if it does not exist, insert it into the database.

    public void existRoomType()
    {
        con.Open();
        string typetable = "tblRoomType";
        string existquery = "SELECT*FROM tblRoomType WHERE RoomType = '" + txtRoomType.Text + "'";
        da = new SqlDataAdapter(existquery, con);
        da.Fill(ds, typetable);
        int counter = 0;
        if (counter < ds.Tables[typetable].Rows.Count)
        {
            cmd.Connection = con;
            string edittypequery = "UPDATE tblRoomType SET RoomType = '" + txtRoomType.Text + "', RoomRate = '" + txtRateOfRoom.Text + "', ExtraCharge = '" + txtExtraCharge.Text + "', CancelFee = '" + txtCancelFee.Text + "', MaxOccupant = " + txtMaxOccupants.Text + "" +
                "WHERE TypeID = '" + txtTypeID.Text + "'";
            cmd.CommandText = edittypequery;
            cmd.ExecuteNonQuery();
            MessageBox.Show("Type of Room is added.", "Room Type Management", MessageBoxButtons.OK, MessageBoxIcon.Information);
        }
        else
        {
            cmd.Connection = con;
            string addtypequery = "INSERT INTO tblRoomType VALUES ('" + txtTypeID.Text + "','" + txtRoomType.Text + "','" + txtRateOfRoom.Text + "','" + txtExtraCharge.Text + "','" + txtCancelFee.Text + "'," + txtMaxOccupants.Text + ")";
            cmd.CommandText = addtypequery;
            cmd.ExecuteNonQuery();
            MessageBox.Show("Type of Room is edited.", "Room Type Management", MessageBoxButtons.OK, MessageBoxIcon.Information);
        }
        con.Close();
    }

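If I change the condition of the if statement from counter < ds.Tables[typetable].Rows.Count to counter > ds.Tables[typetable].Rows.Count, I can add values, but I cannot edit/update in the database.

What you are looking for is an "UPSERT" statement. An upsert combines the insert and update statements and performs the relevant action. It has been available since MS SQL 2003, but was not fully mature until SQL Server 2008 introduced the feature.
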
Here is a code sample taken from another answer, which also references a good introduction to using the MERGE statement.

    MERGE
        member_topic AS target
    USING
        someOtherTable AS source
    ON
        target.mt_member = source.mt_member
        AND source.mt_member = 0
        AND source.mt_topic = 110
    WHEN MATCHED THEN
        UPDATE SET mt_notes = 'test'
    WHEN NOT MATCHED THEN
        INSERT (mt_member, mt_topic, mt_notes) VALUES (0, 110, 'test')
    ;

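The benefit of this approach is that it requires only one SQL query, whereas your current approach requires two queries. It also avoids mixing languages, which is generally good for maintainability.

You should also use parameterized queries to pass your variable values to SQL. This will give you protection against SQL injection.
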
I assume you are using Microsoft SQL Server -- please confirm, because the syntax differs between SQL implementations. You need to read up on SQL injection; this is a textbook example. You need to use parameterized queries. Don't check for the existence of a row with something like SELECT *; use EXISTS. cmd.Connection = con can be moved outside the if statement.

The answer could be improved by showing what the parameterized queries look like for this example... at least for the query part.