Generate

2017-05-11 29 views
2

In my application I create a table and import data, which is then written to the database, as shown in part of the code below:

private void button3_Click(object sender, EventArgs e) 
{ 
    if (textBox2.Text.Contains(" ")) 
    { 
     MessageBox.Show("Name cannot be blank or contain spaces!"); 
    } 
    else 
    { 
     if (string.IsNullOrEmpty(textBox2.Text)) 
     { 
      MessageBox.Show("Name cannot be blank or contain spaces!"); 
     } 
     else 
     { 
      MessageBox.Show("Currently importing " + textBox2.Text + "...\nA confirmation will be displayed when finished"); 

      string connectionString = "Data Source=bidb;Initial Catalog=STAGING;Integrated Security=True"; 
      string query = "CREATE TABLE [dbo].[" + textBox2.Text + "](" + "[Code] [varchar] (13) NOT NULL," + 
      "[Description] [varchar] (255) NOT NULL," + "[NDC] [varchar] (255) NULL," + 
      "[Supplier Code] [varchar] (38) NULL," + "[Supplier Description] [varchar] (255) NULL, " + "[UOM] [varchar] (8) NULL," + "[Size] [varchar] (8) NULL," + "[Progress][varchar](2) DEFAULT '0')"; 
} 

Updated code from above:

private void button1_Click(object sender, EventArgs e) 
    { 
     if (textBox1.Text.Contains(" ")) 
     { 
      MessageBox.Show("Name cannot be blank or contain spaces!"); 
     } 
     else if (string.IsNullOrEmpty(textBox1.Text)) 
     { 
      MessageBox.Show("Name cannot be blank or contain spaces!"); 
     } 
     else 
     { 
      string connectionString = "Data Source=bidb;Initial Catalog=STAGING;Integrated Security=True"; 
      string query = "CREATE TABLE [dbo].[" + textBox1.Text.Replace("'", "''") + "](" + "ID int IDENTITY (1,1)," + "[Code] [varchar] (13) NOT NULL," + 
      "[Description] [varchar] (255) NOT NULL," + "[NDC] [varchar] (50) NULL," + 
      "[Supplier Code] [varchar] (50) NULL," + "[Supplier Description] [varchar] (255) NULL," + "[UOM] [varchar] (8) NULL," + "[Size] [varchar] (8) NULL,)"; 


      using (SqlConnection connection = new SqlConnection(connectionString)) 
      { 
       SqlCommand command = new SqlCommand(query, connection); 
       command.Connection.Open(); 
       command.ExecuteNonQuery(); 
      } 
      MessageBox.Show("Table Created in Database successfully!"); 
      this.Close(); 

     } 
    } 
} 

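After that it is saved to the database mentioned earlier. Once it is created, another part of my code, which loads the created tables into a combo box, updates the column "progress" to the default value 0. For a better understanding, here is the code snippet: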

{ 

    if (string.IsNullOrEmpty(comboBox4.Text)) 
    { 
     MessageBox.Show("Cannot reset previous value on an empty record,\n please load a table!"); 
    } 
    else 
    { 
     comboBox2.SelectedIndex -= 1; 
     string connectionString2 = "Data Source=bidb;Initial Catalog=STAGING;Integrated Security=True"; 
     string query2 = "UPDATE dbo.[" + comboBox4.Text + "] SET Progress= '0' where code = '" + comboBox2.Text + "'; "; 

The code that fills it with the respective tables:

private void FillCombo() 
    { 



     comboBox4.Items.Clear(); 



     try 
     { 

      string connectionString = "Data Source=bidb;Initial Catalog=STAGING;Integrated Security=True"; 
      using (SqlConnection con2 = new SqlConnection(connectionString)) 
      { 
       con2.Open(); 
       string query = "SELECT * FROM INFORMATION_SCHEMA.TABLES "; 
       SqlCommand cmd2 = new SqlCommand(query, con2); 

       SqlDataReader dr2 = cmd2.ExecuteReader(); 
       while (dr2.Read()) 
       { 
        int col = dr2.GetOrdinal("TABLE_NAME"); 
        comboBox4.Items.Add(dr2[col].ToString()); 
        //con2.Close(); 
       } 
       // comboBox4.SelectedIndex = 0; 

      } 
     } 
     catch (Exception ex) 
     { 
      MessageBox.Show(ex.ToString()); 
     } 

    } 

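All well and good, but my problem is that, yes, it loads the tables into the comboBox, but it also loads the other tables that exist in the database. This is where the problem occurs. If I select any other table in that combo box, the application crashes. This is because the Progress column, which the code sets to the default value zero, does not exist as expected in the other tables in the database. It will only be in the tables I originally created from my application. How would I handle this error, so that if the user selects a table other than one originally created in my application, it can tell them "This table selection is invalid"? Basically that kind of error message. How would I go about this?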

+0

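But how do you fill that combobox? That is the point here. Use the connection.GetSchema method to fill it with valid names and check which tables have the valid columns. As a second note, your code is open to Sql Injection – Steve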

+1

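1. On a side note for practice: learn to create parameterized queries, and create the update and select statements in separate stored procedures. 2. Store the connection string in the app.config or web.config file. 3. Show or display to us the exact error message. – MethodMan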

+1

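@MethodMan Noted. Will practice these suggestions. As for the error message, there is none. The app just freezes when I select a table other than the one created earlier –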

Answers

1

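As said more than once in the comments above, your code has a lot of problems, ranging from SQL injection to missing validation of proper names.
Addressing all of these problems would probably escalate this answer into a whole article, so I limit myself to giving you a simple way to get the list of tables that contain the two fields required by your final code.

With this code you can fill comboBox4 with only the valid table names
(i.e. tables that have both the Progress column and the Code column).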

// 'connection' is a SqlConnection for the STAGING database (Fill opens it if needed).
SqlDataAdapter da = new SqlDataAdapter(@"SELECT table_name, count(table_name)
                                         FROM INFORMATION_SCHEMA.COLUMNS
                                         WHERE column_name = 'Progress' OR
                                               column_name = 'Code'
                                         GROUP BY table_name
                                         HAVING count(table_name) > 1",
                                       connection);
DataTable dt = new DataTable();
da.Fill(dt);   // one row per table that has both columns
comboBox4.DataSource = dt;
comboBox4.DisplayMember = "table_name";

Be sure, at the very least, that the combobox involved is not editable by the end user.

+0

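Thanks. I will look at this and get back with my feedback. As a side note, I updated my post with the code that loads the tables. I don't know if you want to take a look, and yes, the combo box is not editable –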

+1

Well, you can simply change the query above and it should work. – Steve
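
One way to combine the answer's column check with the parameterized-query advice from the comments, as an added example (not code from the question or the answer). The names `StagingTables`, `LoadValidTables` and `TryResetProgress` are hypothetical; the connection string, the column names and the `varchar(13)` size are taken from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class StagingTables   // hypothetical helper class
{
    // Connection string as posted in the question.
    const string ConnectionString =
        "Data Source=bidb;Initial Catalog=STAGING;Integrated Security=True";

    // Returns the dbo tables that have both a Code and a Progress column.
    public static HashSet<string> LoadValidTables(SqlConnection con)
    {
        const string sql = @"SELECT TABLE_NAME
                             FROM INFORMATION_SCHEMA.COLUMNS
                             WHERE TABLE_SCHEMA = 'dbo'
                               AND COLUMN_NAME IN ('Progress', 'Code')
                             GROUP BY TABLE_NAME
                             HAVING COUNT(DISTINCT COLUMN_NAME) = 2";
        var names = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        using (var cmd = new SqlCommand(sql, con))
        using (var reader = cmd.ExecuteReader())
            while (reader.Read())
                names.Add(reader.GetString(0));
        return names;
    }

    // Resets Progress for one code. Returns false when the table is not on
    // the allow-list, so the caller can show "This table selection is invalid".
    public static bool TryResetProgress(string table, string code)
    {
        using (var con = new SqlConnection(ConnectionString))
        {
            con.Open();
            if (!LoadValidTables(con).Contains(table))
                return false;

            // Identifiers cannot be sent as parameters: quote the name the
            // way QUOTENAME does, doubling any ']' inside it.
            string quoted = "[" + table.Replace("]", "]]") + "]";
            string sql = "UPDATE [dbo]." + quoted +
                         " SET Progress = '0' WHERE Code = @code";
            using (var cmd = new SqlCommand(sql, con))
            {
                // The value travels as a typed parameter, never as SQL text.
                cmd.Parameters.Add("@code", SqlDbType.VarChar, 13).Value = code;
                cmd.ExecuteNonQuery();
                return true;
            }
        }
    }
}
```

In the click handler this would be called as `TryResetProgress(comboBox4.Text, comboBox2.Text)`, with the message box shown when it returns false.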