更新的条目适用于 C# 表单中的所有条目

Updated entry applies to all entries in C# forms

我有5个表格。第 5 种形式让我更新数据库中的条目。问题是,一旦我完成了一个条目的编辑并单击 Update 按钮,数据库中的所有其他条目都将是与编辑后的条目相同。因此,例如,我将“Mark”的名字编辑为“John”。单击 Update 后,我的所有其他条目也将变为“John”并且 John 的信息(如 empno 和部门)也将应用于其他条目.我做错了什么?

代码:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace OOP_Draft
{
    public partial class Form5 : Form
    {
        public Form5()
        {
            InitializeComponent();
            InitDataGrid();
        }
        SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\Kim\Documents\SMEMCO.mdf;Integrated Security=True");
       
        private void Form5_Load(object sender, EventArgs e)
        {

        }

        private void dgvUpdate_CellContentClick(object sender, DataGridViewCellEventArgs e)
        {

        }
        private void InitDataGrid()
        {
            con.Open();
            var da = new SqlDataAdapter("SELECT * FROM LoanRecord", con);
            var dtbl = new DataTable();
            da.Fill(dtbl);
            dgvUpdate.DataSource = dtbl;
        }

        private void btnDelete_Click(object sender, EventArgs e)
        {
            SqlCommand cmd = new SqlCommand("delete from LoanRecord where EmployeeName ='"+txtName.Text+"'", con);
            cmd.ExecuteNonQuery();
            con.Close();
            InitDataGrid();
            MessageBox.Show("Data sucessfully deleted to database.");
        }

        private void btnUpdate_Click(object sender, EventArgs e)
        {
            string query = "UPDATE LoanRecord SET EmployeeName ='"+txtName.Text+"',EmployeeNumber='"+txtEmpno.Text+"',Department='"+txtDept.Text+"',LoanAmount='"+txtAmount.Text+"',YearsToPay='"+txtYears.Text+"',MonthlyPayment='"+txtMonth.Text+"',TotalPayment='"+txtOverall.Text+"'";
            SqlDataAdapter da = new SqlDataAdapter(query, con);
            da.SelectCommand.ExecuteNonQuery();
            con.Close();
            InitDataGrid();
            MessageBox.Show("Data sucessfully updated to database.");
        }

        private void dgvUpdate_MouseDoubleClick(object sender, MouseEventArgs e)
        {
            txtName.Text = dgvUpdate.SelectedRows[0].Cells[1].Value.ToString();
            txtEmpno.Text = dgvUpdate.SelectedRows[0].Cells[2].Value.ToString();
            txtDept.Text = dgvUpdate.SelectedRows[0].Cells[3].Value.ToString();
            txtAmount.Text = dgvUpdate.SelectedRows[0].Cells[4].Value.ToString();
            txtYears.Text = dgvUpdate.SelectedRows[0].Cells[5].Value.ToString();
            txtMonth.Text = dgvUpdate.SelectedRows[0].Cells[6].Value.ToString();
            txtOverall.Text = dgvUpdate.SelectedRows[0].Cells[7].Value.ToString();
        }

        private void btnReset_Click(object sender, EventArgs e)
        {
            txtName.Clear();
            txtEmpno.Clear();
            txtEmail.Clear();
            txtDept.Clear();
            txtAmount.Clear();
            txtYears.Clear();
            txtMonth.Clear();
            txtOverall.Clear();
        }
    }
}

Changing Kim's name to Claire

All entries became Claire

您需要在更新语句中添加 where 子句

// add where clause,  otherwise the following will update the entire table
string query = "UPDATE LoanRecord SET EmployeeName ='"+txtName.Text+"',EmployeeNumber='"+txtEmpno.Text+"',Department='"+txtDept.Text+"',LoanAmount='"+txtAmount.Text+"',YearsToPay='"+txtYears.Text+"',MonthlyPayment='"+txtMonth.Text+"',TotalPayment='"+txtOverall.Text+"' where someId = @idParam";

不要忘记使用参数添加所有更新值。您的代码现在容易受到 sql 注入攻击。

在此处查看文档:https://docs.microsoft.com/en-us/dotnet/api/system.data.sqlclient.sqlcommand.parameters?view=dotnet-plat-ext-3.1