1. 首頁
  2. 問答
  3. 如何使用循環將多個查詢插入到數據庫表中?

如何使用循環將多個查詢插入到數據庫表中?

2017-06-12 117 views
-2

如何,我可以把這些查詢在(從student_fee_record_2student_fee_record_10)有10 student_fee_record_1和其他之間僅相差student_fee_record_2沒有插入的fee_txt。我需要他們插入一個循環單獨student_fee_record_1,這樣我的代碼可以更短,這些是太多的代碼行,請幫我使用循環縮短此代碼。請注意,我正在爲我的數據庫中的所有字段使用varchar()。 這是我的代碼。如何使用循環將多個查詢插入到數據庫表中?

private void btn_add_Click(object sender, EventArgs e) 
     { 
      string constring = "Data Source=Niazi;Initial Catalog=IIHS;Integrated Security=True"; 
      SqlConnection conDataBase = new SqlConnection(constring); 
      conDataBase.Open(); 
      string Query = "insert into student_fee_record_1 (student_id, student_name, student_f_name," + 
       "program, address, email_address, date, fee_submit)" + 
       "values('" + std_id_txt.Text + "','" + std_name_txt.Text + "','" + f_name_txt.Text + "'," + 
       "'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," + 
       "'" + date_txt.Text + "', '" + fee_txt.Text + "');"+ 

       "insert into student_fee_record_2 (student_id, student_name, student_f_name," + 
       "program, address, email_address, date)"+ 
       "values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " + 
       "'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," + 
       "'" + date_txt.Text + "')" + 
       "insert into student_fee_record_3 (student_id, student_name, student_f_name," + 
       "program, address, email_address, date)" + 
       "values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " + 
       "'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," + 
       "'" + date_txt.Text + "')" + 
       "insert into student_fee_record_4 (student_id, student_name, student_f_name," + 
       "program, address, email_address, date)" + 
       "values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " + 
       "'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," + 
       "'" + date_txt.Text + "')" + 
       "insert into student_fee_record_5 (student_id, student_name, student_f_name," + 
       "program, address, email_address, date)" + 
       "values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " + 
       "'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," + 
       "'" + date_txt.Text + "')" + 
       "insert into student_fee_record_6 (student_id, student_name, student_f_name," + 
       "program, address, email_address, date)" + 
       "values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " + 
       "'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," + 
       "'" + date_txt.Text + "')" + 
       "insert into student_fee_record_7 (student_id, student_name, student_f_name," + 
       "program, address, email_address, date)" + 
       "values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " + 
       "'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," + 
       "'" + date_txt.Text + "')" + 
       "insert into student_fee_record_8 (student_id, student_name, student_f_name," + 
       "program, address, email_address, date)" + 
       "values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " + 
       "'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," + 
       "'" + date_txt.Text + "')" + 
       "insert into student_fee_record_9 (student_id, student_name, student_f_name," + 
       "program, address, email_address, date)" + 
       "values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " + 
       "'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," + 
       "'" + date_txt.Text + "')" + 
       "insert into student_fee_record_10 (student_id, student_name, student_f_name," + 
       "program, address, email_address, date)" + 
       "values('" + std_id_txt.Text + "', '" + std_name_txt.Text + "', '" + f_name_txt.Text + "', " + 
       "'" + program_txt.Text + "', '" + address_txt.Text + "', '" + email_txt.Text + "'," + 
       "'" + date_txt.Text + "')"; 

       //SqlConnection conDataBase = new SqlConnection(constring); 
       SqlCommand cmdDataBase = new SqlCommand(Query, conDataBase); 
       SqlDataReader myReader; 
       try 
       { 
        //conDataBase.Open(); 
        myReader = cmdDataBase.ExecuteReader(); 
        MessageBox.Show("Record added successfully."); 
        ClearAll(this); 
        load_table(); 
        while (myReader.Read()) 
        { 

        } 
       } 
       catch (Exception ex) 
       { 
        MessageBox.Show(ex.Message); 
       } 
     }

來源

2017-06-12 Sajid Khan

+3

你有一些數據庫的基礎知識的錯在這裏。每個學生記錄不應該有一張表 - 你只應該有一張表,'student_fee_records','id'欄取代表名後面的數字。另外:您的代碼易受SQL注入攻擊。您應該查看如何使用參數化查詢。 – Blorgbeard

+0

我們可以*告訴你如何實現你所要求的,但這意味着你要在這麼多的層面上解決錯誤。重新考慮你的數據庫設計,並使用SqlParameter進行研究。 – Filburt

+2

Holy [sql注入蝙蝠俠!](https://stackoverflow.com/questions/601300/what-is-sql-injection) – Amy

回答

0 

 private void btn_add_Click(object sender, EventArgs e) 
     { 
      string constring = "Data Source=Niazi;Initial Catalog=IIHS;Integrated Security=True"; 
      SqlConnection conDataBase = new SqlConnection(constring); 
      conDataBase.Open(); 

      string Query = ""; 

      for (int recordNum = 1; recordNum <= 10; recordNum++) 
      { 
       if (recordNum == 1) 
       { 
        Query = string.Format(
         "insert into student_fee_record_{0} (student_id, student_name, student_f_name," + 
         "program, address, email_address, date, fee_submit)" + 
         "values('{1}','{2}','{3}','{4}','{5}','{6}','{7}','{8}')", 
         recordNum.ToString(), std_id_txt.Text, std_name_txt, f_name_txt.Text, program_txt.Text, address_txt.Text, date_txt.Text, email_txt.Text, fee_txt.Text); 
       } 
       else 
       { 
        Query = string.Format(
         "insert into student_fee_record_{0} (student_id, student_name, student_f_name," + 
         "program, address, email_address, date)" + 
         "values('{1}','{2}','{3}','{4}','{5}','{6}','{7}')", 
         recordNum.ToString(), std_id_txt.Text, std_name_txt, f_name_txt.Text, program_txt.Text, address_txt.Text, date_txt.Text, email_txt.Text); 
       } 

       //SqlConnection conDataBase = new SqlConnection(constring); 
       SqlCommand cmdDataBase = new SqlCommand(Query, conDataBase); 
       SqlDataReader myReader; 
       try 
       { 
        //conDataBase.Open(); 
        myReader = cmdDataBase.ExecuteReader(); 
        MessageBox.Show("Record added successfully."); 
        ClearAll(this); 
        load_table(); 
        while (myReader.Read()) 
        { 

        } 
       } 
       catch (Exception ex) 
       { 
        MessageBox.Show(ex.Message); 
       } 
      } 
     }

來源

2017-06-12 17:07:13 jdweng

+0

請確保您使用我的更新。我忘了一個右括號。 – jdweng

+0

不會編譯。 「Query」在其範圍之外訪問。如果它編譯完成,它將執行循環內的所有'MessageBox','load_table()'東西。此外,仍然充滿了SQL注入。 – Blorgbeard

+0

我之前看到錯誤,但遇到了網絡連接問題,無法更新。 「字符串查詢」被定義了兩次。我解決了。將檢查更多的錯誤。 – jdweng

相關問題

 相關問題