更新的条目适用于 C# 表单中的所有条目
Updated entry applies to all entries in C# forms
我有5个表格。第 5 种形式让我更新数据库中的条目。问题是,一旦我完成了一个条目的编辑并单击 Update 按钮,数据库中的所有其他条目都将是与编辑后的条目相同。因此,例如,我将“Mark”的名字编辑为“John”。单击 Update 后,我的所有其他条目也将变为“John”并且 John 的信息(如 empno 和部门)也将应用于其他条目.我做错了什么?
代码:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;
namespace OOP_Draft
{
public partial class Form5 : Form
{
public Form5()
{
InitializeComponent();
InitDataGrid();
}
SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\Kim\Documents\SMEMCO.mdf;Integrated Security=True");
private void Form5_Load(object sender, EventArgs e)
{
}
private void dgvUpdate_CellContentClick(object sender, DataGridViewCellEventArgs e)
{
}
private void InitDataGrid()
{
con.Open();
var da = new SqlDataAdapter("SELECT * FROM LoanRecord", con);
var dtbl = new DataTable();
da.Fill(dtbl);
dgvUpdate.DataSource = dtbl;
}
private void btnDelete_Click(object sender, EventArgs e)
{
SqlCommand cmd = new SqlCommand("delete from LoanRecord where EmployeeName ='"+txtName.Text+"'", con);
cmd.ExecuteNonQuery();
con.Close();
InitDataGrid();
MessageBox.Show("Data sucessfully deleted to database.");
}
private void btnUpdate_Click(object sender, EventArgs e)
{
string query = "UPDATE LoanRecord SET EmployeeName ='"+txtName.Text+"',EmployeeNumber='"+txtEmpno.Text+"',Department='"+txtDept.Text+"',LoanAmount='"+txtAmount.Text+"',YearsToPay='"+txtYears.Text+"',MonthlyPayment='"+txtMonth.Text+"',TotalPayment='"+txtOverall.Text+"'";
SqlDataAdapter da = new SqlDataAdapter(query, con);
da.SelectCommand.ExecuteNonQuery();
con.Close();
InitDataGrid();
MessageBox.Show("Data sucessfully updated to database.");
}
private void dgvUpdate_MouseDoubleClick(object sender, MouseEventArgs e)
{
txtName.Text = dgvUpdate.SelectedRows[0].Cells[1].Value.ToString();
txtEmpno.Text = dgvUpdate.SelectedRows[0].Cells[2].Value.ToString();
txtDept.Text = dgvUpdate.SelectedRows[0].Cells[3].Value.ToString();
txtAmount.Text = dgvUpdate.SelectedRows[0].Cells[4].Value.ToString();
txtYears.Text = dgvUpdate.SelectedRows[0].Cells[5].Value.ToString();
txtMonth.Text = dgvUpdate.SelectedRows[0].Cells[6].Value.ToString();
txtOverall.Text = dgvUpdate.SelectedRows[0].Cells[7].Value.ToString();
}
private void btnReset_Click(object sender, EventArgs e)
{
txtName.Clear();
txtEmpno.Clear();
txtEmail.Clear();
txtDept.Clear();
txtAmount.Clear();
txtYears.Clear();
txtMonth.Clear();
txtOverall.Clear();
}
}
}
Changing Kim's name to Claire
All entries became Claire
您需要在更新语句中添加 where 子句
// add where clause, otherwise the following will update the entire table
string query = "UPDATE LoanRecord SET EmployeeName ='"+txtName.Text+"',EmployeeNumber='"+txtEmpno.Text+"',Department='"+txtDept.Text+"',LoanAmount='"+txtAmount.Text+"',YearsToPay='"+txtYears.Text+"',MonthlyPayment='"+txtMonth.Text+"',TotalPayment='"+txtOverall.Text+"' where someId = @idParam";
不要忘记使用参数添加所有更新值。您的代码现在容易受到 sql 注入攻击。
我有5个表格。第 5 种形式让我更新数据库中的条目。问题是,一旦我完成了一个条目的编辑并单击 Update 按钮,数据库中的所有其他条目都将是与编辑后的条目相同。因此,例如,我将“Mark”的名字编辑为“John”。单击 Update 后,我的所有其他条目也将变为“John”并且 John 的信息(如 empno 和部门)也将应用于其他条目.我做错了什么?
代码:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;
namespace OOP_Draft
{
public partial class Form5 : Form
{
public Form5()
{
InitializeComponent();
InitDataGrid();
}
SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\Kim\Documents\SMEMCO.mdf;Integrated Security=True");
private void Form5_Load(object sender, EventArgs e)
{
}
private void dgvUpdate_CellContentClick(object sender, DataGridViewCellEventArgs e)
{
}
private void InitDataGrid()
{
con.Open();
var da = new SqlDataAdapter("SELECT * FROM LoanRecord", con);
var dtbl = new DataTable();
da.Fill(dtbl);
dgvUpdate.DataSource = dtbl;
}
private void btnDelete_Click(object sender, EventArgs e)
{
SqlCommand cmd = new SqlCommand("delete from LoanRecord where EmployeeName ='"+txtName.Text+"'", con);
cmd.ExecuteNonQuery();
con.Close();
InitDataGrid();
MessageBox.Show("Data sucessfully deleted to database.");
}
private void btnUpdate_Click(object sender, EventArgs e)
{
string query = "UPDATE LoanRecord SET EmployeeName ='"+txtName.Text+"',EmployeeNumber='"+txtEmpno.Text+"',Department='"+txtDept.Text+"',LoanAmount='"+txtAmount.Text+"',YearsToPay='"+txtYears.Text+"',MonthlyPayment='"+txtMonth.Text+"',TotalPayment='"+txtOverall.Text+"'";
SqlDataAdapter da = new SqlDataAdapter(query, con);
da.SelectCommand.ExecuteNonQuery();
con.Close();
InitDataGrid();
MessageBox.Show("Data sucessfully updated to database.");
}
private void dgvUpdate_MouseDoubleClick(object sender, MouseEventArgs e)
{
txtName.Text = dgvUpdate.SelectedRows[0].Cells[1].Value.ToString();
txtEmpno.Text = dgvUpdate.SelectedRows[0].Cells[2].Value.ToString();
txtDept.Text = dgvUpdate.SelectedRows[0].Cells[3].Value.ToString();
txtAmount.Text = dgvUpdate.SelectedRows[0].Cells[4].Value.ToString();
txtYears.Text = dgvUpdate.SelectedRows[0].Cells[5].Value.ToString();
txtMonth.Text = dgvUpdate.SelectedRows[0].Cells[6].Value.ToString();
txtOverall.Text = dgvUpdate.SelectedRows[0].Cells[7].Value.ToString();
}
private void btnReset_Click(object sender, EventArgs e)
{
txtName.Clear();
txtEmpno.Clear();
txtEmail.Clear();
txtDept.Clear();
txtAmount.Clear();
txtYears.Clear();
txtMonth.Clear();
txtOverall.Clear();
}
}
}
Changing Kim's name to Claire
All entries became Claire
您需要在更新语句中添加 where 子句
// add where clause, otherwise the following will update the entire table
string query = "UPDATE LoanRecord SET EmployeeName ='"+txtName.Text+"',EmployeeNumber='"+txtEmpno.Text+"',Department='"+txtDept.Text+"',LoanAmount='"+txtAmount.Text+"',YearsToPay='"+txtYears.Text+"',MonthlyPayment='"+txtMonth.Text+"',TotalPayment='"+txtOverall.Text+"' where someId = @idParam";
不要忘记使用参数添加所有更新值。您的代码现在容易受到 sql 注入攻击。