我是 C# 新手,需要一些幫助:在把輸入插入 Access 數據庫之前,如何先對這些輸入進行驗證。(驗證數據庫輸入 C# Access OleDb)
我想要的驗證大多是這樣的:如果什麼都沒有輸入,就顯示「沒有輸入任何內容」;如果某個欄位需要更多字符,就顯示「內容太短」。我該怎麼實現這樣的功能?
這裏是我的代碼:
using System;
using System.Collections.Generic;
using System.Data.OleDb;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using ClassLibrary;
using System.Data;
namespace ClassLibrary2
{
public class Class1
{
OleDbConnection connection;
OleDbCommand command;
/// <summary>
/// Creates the OLE DB connection to the Access database file and a command bound to it.
/// The connection is only constructed here; it is not opened.
/// </summary>
private void ConnectTo()
{
    // NOTE(review): the database location is a fixed absolute path; moving it to
    // configuration would let the file be relocated without a rebuild.
    const string connectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=F:\CMS\CustomerDatabase.accdb;Persist Security Info=False";

    OleDbConnection created = new OleDbConnection(connectionString);
    connection = created;
    command = created.CreateCommand();
}
/// <summary>
/// Initializes the data-access object by building its connection and command.
/// </summary>
public Class1()
{
    // Nothing is opened at construction time; each operation opens and closes the connection itself.
    this.ConnectTo();
}
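/// <summary>
/// Inserts one customer row into the CustomerData table.
/// </summary>
/// <remarks>
/// Field values are bound as parameters instead of being concatenated into the SQL text, so a
/// quote or SQL fragment inside a field is stored as data and cannot change the statement.
/// Parameter binding does not validate content: "nothing entered" or "too short" checks still
/// have to run before this method is called.
/// </remarks>
/// <param name="p">Customer whose fields are written to the new row.</param>
/// <exception cref="ArgumentNullException"><paramref name="p"/> is null.</exception>
public void Insert(Customer p)
{
    if (p == null)
    {
        throw new ArgumentNullException("p");
    }

    // The OLE DB provider binds parameters by position, so this order must match the column list below.
    object[] values =
    {
        p.Forename1,
        p.Surname1,
        p.EAddress1,
        p.HomePhone1,
        p.MobNum1,
        p.Address1,
        p.AreaTown1,
        p.County1,
        p.Postcode1
    };

    try
    {
        command.CommandText = "INSERT INTO CustomerData ([Forename], [Surname], [Email Address], [Home Phone Number], [Mobile Phone Number], [Address], [AreaTown], [County], [Postcode]) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";
        command.CommandType = CommandType.Text;

        // The command object is shared by every method of this class; drop parameters left by an earlier call.
        command.Parameters.Clear();
        for (int i = 0; i < values.Length; i++)
        {
            // A null field is stored as an empty string, which is what string concatenation produced.
            command.Parameters.AddWithValue("@p" + i, values[i] ?? string.Empty);
        }

        connection.Open();
        command.ExecuteNonQuery();
    }
    finally
    {
        // Close even when the insert fails so the next call can reopen the connection.
        if (connection != null)
        {
            connection.Close();
        }
    }
}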
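/// <summary>
/// Reads every row of the CustomerData table and returns it as a list of customers.
/// </summary>
/// <returns>One <c>Customer</c> per row; an empty list when the table has no rows.</returns>
public List<Customer> FillComboBox()
{
    List<Customer> CustomersList = new List<Customer>();
    try
    {
        command.CommandText = "SELECT * FROM CustomerData";
        command.CommandType = CommandType.Text;

        // The command object is shared with Insert/Update; make sure no parameters
        // from an earlier statement are still attached to it.
        command.Parameters.Clear();

        connection.Open();

        // Dispose the reader deterministically; the original left it open until the connection closed.
        using (OleDbDataReader reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                Customer p = new Customer();
                p.Id = Convert.ToInt32(reader["ID"].ToString());
                p.Forename1 = reader["Forename"].ToString();
                p.Surname1 = reader["Surname"].ToString();
                p.EAddress1 = reader["Email Address"].ToString();
                p.HomePhone1 = reader["Home Phone Number"].ToString();
                p.MobNum1 = reader["Mobile Phone Number"].ToString();
                p.Address1 = reader["Address"].ToString();
                p.AreaTown1 = reader["AreaTown"].ToString();
                p.County1 = reader["County"].ToString();
                p.Postcode1 = reader["Postcode"].ToString();
                CustomersList.Add(p);
            }
        }

        return CustomersList;
    }
    finally
    {
        // Close even when reading fails so the next call can reopen the connection.
        if (connection != null)
        {
            connection.Close();
        }
    }
}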
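/// <summary>
/// Overwrites the stored fields of an existing customer row with the values of
/// <paramref name="newCustomer"/>; the row is selected by <paramref name="oldCustomer"/>'s Id.
/// </summary>
/// <remarks>
/// All values are bound as parameters, so field content cannot change the SQL statement.
/// Binding does not validate content; emptiness or length checks belong before this call.
/// </remarks>
/// <param name="oldCustomer">Customer whose Id identifies the row to update.</param>
/// <param name="newCustomer">Customer carrying the replacement field values.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
public void Update(Customer oldCustomer, Customer newCustomer)
{
    if (oldCustomer == null)
    {
        throw new ArgumentNullException("oldCustomer");
    }

    if (newCustomer == null)
    {
        throw new ArgumentNullException("newCustomer");
    }

    // The OLE DB provider binds parameters by position and ignores their names, so the order
    // here must follow the placeholders in the statement: the SET list first, the WHERE key last.
    object[] values =
    {
        newCustomer.Forename1,
        newCustomer.Surname1,
        newCustomer.EAddress1,
        newCustomer.HomePhone1,
        newCustomer.MobNum1,
        newCustomer.Address1,
        newCustomer.AreaTown1,
        newCustomer.County1,
        newCustomer.Postcode1,
        oldCustomer.Id
    };

    try
    {
        // Plain "?" placeholders replace the dotted "@newCustomer.X" tokens, which did not
        // match any of the parameter names that were being added.
        command.CommandText = "UPDATE CustomerData SET [Forename] = ?, [Surname] = ?, [Email Address] = ?, [Home Phone Number] = ?, [Mobile Phone Number] = ?, [Address] = ?, [AreaTown] = ?, [County] = ?, [Postcode] = ? WHERE [ID] = ?";
        command.CommandType = CommandType.Text;

        // The command object is reused across calls; without this, parameters from a previous
        // call stay at the front of the collection and would be bound instead of the new ones.
        command.Parameters.Clear();
        for (int i = 0; i < values.Length; i++)
        {
            // A parameter whose value is null is not sent as SQL NULL; DBNull.Value is.
            command.Parameters.AddWithValue("@p" + i, values[i] ?? DBNull.Value);
        }

        connection.Open();
        command.ExecuteNonQuery();
    }
    finally
    {
        // Close even when the update fails so the next call can reopen the connection.
        if (connection != null)
        {
            connection.Close();
        }
    }
}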
感謝您的幫助,我真的卡住了。
如果您使用的 .NET 版本高於 3.5,可以使用註解(annotation)驗證。這是網絡應用程序還是桌面應用程序? – Senthil
這將是一個桌面應用程序 – user3570972
另外,請瞭解一下參數化查詢。即使不是基於網絡的應用,也最好從一開始就用正確的做法,免得以後再來掙扎。即使是桌面應用,也同樣可能受到 SQL 注入。 – DRapp