2 SQL 命令插入和更新到不同的表答案

【问题标题】：2 SQL Commands Insert and update to different tables2 SQL 命令插入和更新到不同的表
【发布时间】：2017-06-23 08:21:45
【问题描述】：

有 2 个 sql 命令和不同表的命令。这是我的代码。

  private void button1_Click(object sender, EventArgs e)
    {
        string txtbx9 = textBox9.Text.ToString();
        string cmbbx2 = comboBox2.SelectedItem.ToString();
        string name = textBox1.Text.ToString();
        string surname = textBox2.Text.ToString();
        string company = textBox3.Text.ToString();
        string txtbx8 = textBox8.Text.ToString();
        string sts = "In House";

            try
            {
                connection.Open();


                MessageBox.Show("Payment approved.");
                richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
                 string rtb = richTextBox1.Text.ToString();

            OleDbCommand command = new OleDbCommand();
                command.Connection = connection;
                command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES('" + name + "','" + surname + "','" + company + "','" + txtbx8 + "', '" + txtbx9 + "', '" + cmbbx2 + "', '" + rtb + "', '" + label12.Text.ToString() + "', '" + this.dateTimePicker1.Value +"','"+textBox4.Text.ToString()+"','"+textBox5.Text.ToString()+"','"+textBox6.Text.ToString()+"')"; ;
                command.ExecuteNonQuery();
                command.CommandType = CommandType.Text;
                command.CommandText = "UPDATE guestreg SET g_paidstatus='Paid '"+txtbx9+"'' where g_name ='"+name+"' and g_status = '"+sts"'";

                command.Connection = connection;
                connection.Open();
                command.ExecuteNonQuery();

        }

我怎样才能同时执行这两个命令？程序执行第一个 sql 命令，但不执行第二个

【问题讨论】：

你可以去掉第二个command.Connection = connection; connection.Open();，换个命令再执行一次，之后记得关闭连接。
这是用于 MySql、用于 Sql Server 还是用于 MS-Access？使用 MySql/Sql Server，您可以使用两个 sql 语句创建一个命令。这在访问中是不可能的。您的问题是连接已经打开时打开的第二个连接
@stuartd 在try { 之后有一个，在第二个ExecuteNonQuery 之前有一个。
@stuartd 谢谢！一切正常
@KeyurPATEL 一切正常！多谢！！！你是对的！

标签： c# mysql sql-server ms-access

【解决方案1】：

您可以在 on 命令中执行这两个命令：

try
{
      connection.Open();   

      MessageBox.Show("Payment approved.");
      richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
      string rtb = richTextBox1.Text.ToString();
      command.Connection = connection;
      command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES('" + name + "','" + surname + "','" + company + "','" + txtbx8 + "', '" + txtbx9 + "', '" + cmbbx2 + "', '" + rtb + "', '" + label12.Text.ToString() + "', '" + this.dateTimePicker1.Value +"','"+textBox4.Text.ToString()+"','"+textBox5.Text.ToString()+"','"+textBox6.Text.ToString()+"')";
      command.CommandText += "\nUPDATE guestreg SET g_paidstatus='Paid '"+txtbx9+"'' where g_name ='"+name+"' and g_status = '"+sts"'";
      command.ExecuteNonQuery();
}

或者只是一个接一个地执行它们：

try
{
      connection.Open();   

      MessageBox.Show("Payment approved.");
      richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
      string rtb = richTextBox1.Text.ToString();
      command.Connection = connection;
      command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES('" + name + "','" + surname + "','" + company + "','" + txtbx8 + "', '" + txtbx9 + "', '" + cmbbx2 + "', '" + rtb + "', '" + label12.Text.ToString() + "', '" + this.dateTimePicker1.Value +"','"+textBox4.Text.ToString()+"','"+textBox5.Text.ToString()+"','"+textBox6.Text.ToString()+"')";
      command.ExecuteNonQuery();
      command.CommandText = "UPDATE guestreg SET g_paidstatus='Paid '"+txtbx9+"'' where g_name ='"+name+"' and g_status = '"+sts"'";
      command.ExecuteNonQuery();
}

编辑：

正如史蒂夫提到的（他是绝对正确的），参数应该作为SqlParameters 传递。好处是可以更好地防止 SQL 注入，而且您可以肯定，像“O'Neil”这样的意外输入不会破坏您的代码（参数名称可能会更好）：

try
{
      connection.Open();   

      MessageBox.Show("Payment approved.");
      richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
      string rtb = richTextBox1.Text.ToString();
      command.Connection = connection;
      command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES(@name,@surname,@company,@txtbx8,@txtbx9,@cmbbx2,@rtb,@label12Text,@dateTimePicker1Value,@textBox4Text,@textBox5Text,@textBox6Text')";
      command.Parameters.Add(new SqlParameter("@name",name));
      command.Parameters.Add(new SqlParameter("@surname",surname));
      command.Parameters.Add(new SqlParameter("@company",company));
      command.Parameters.Add(new SqlParameter("@txtbx8",txtbx8));
      command.Parameters.Add(new SqlParameter("@txtbx9",txtbx9));
      command.Parameters.Add(new SqlParameter("@cmbbx2",cmbbx2));
      command.Parameters.Add(new SqlParameter("@rtb",rtb));
      command.Parameters.Add(new SqlParameter("@label12Text",label12.Text.ToString()));
      command.Parameters.Add(new SqlParameter("@dateTimePicker1Value",this.dateTimePicker1.Value.ToString()));
      command.Parameters.Add(new SqlParameter("@textBox4Text",textBox4.Text.ToString()));
      command.Parameters.Add(new SqlParameter("@textBox5Text",textBox5.Text.ToString()));
      command.Parameters.Add(new SqlParameter("@textBox6Text",textBox6.Text.ToString()));
      command.ExecuteNonQuery();
      command.CommandText = "UPDATE guestreg SET g_paidstatus=@paidStatus where g_name =@name and g_status = @status";
      command.Parameters.Add(new SqlParameter("@paidStatus","Paid " + txtbx9));
      command.Parameters.Add(new SqlParameter("@name",name));
      command.Parameters.Add(new SqlParameter("@status",sts));
      command.ExecuteNonQuery();
}

【讨论】：

这不适用于 MS-Access（而且您忘记了两个命令文本之间的分号）
我不知道这是用于 Access。在 SQL Server 上，命令之间不需要分号
OP 标记了 3 个数据库。只有他/她知道
好的，但是我的第二个建议（在编辑之后）应该会起作用
如果您不想给出完整的答案并推荐最佳实践，那么您就没有兴趣让您的答案成为未来读者的良好参考，因此您应该期待有人批评您的工作跨度>

【解决方案2】：

有很多方法可以做到这一点，但对我来说最简单的方法是关闭并重新这样做：

SqlCommand importCommand = new SqlCommand("select * from * ", connection);
        SqlDataReader sqlDR = importCommand.ExecuteReader();
        int index = 0;
        while (sqlDR.Read()) { //something }
        sqlDR.Close();

        index = 0;
        importCommand = new SqlCommand("select * from * ", connection);
        sqlDR = importCommand.ExecuteReader();
        sqlDR.Close();

【讨论】：

【解决方案3】：

你可以使用它。您必须创建两次命令。

private void button1_Click(object sender, EventArgs e)
{
string txtbx9 = textBox9.Text.ToString();
string cmbbx2 = comboBox2.SelectedItem.ToString();
string name = textBox1.Text.ToString();
string surname = textBox2.Text.ToString();
string company = textBox3.Text.ToString();
string txtbx8 = textBox8.Text.ToString();
string sts = "In House";

    try
    {
        connection.Open();


        MessageBox.Show("Payment approved.");
        richTextBox1.Text = richTextBox1.Text + "The hotel received " + txtbx9 + " from this guest";
            string rtb = richTextBox1.Text.ToString();

        OleDbCommand command = new OleDbCommand();

        command.Connection = connection;
        command.CommandText = "INSERT INTO billing(g_name,g_surname,g_company,g_totalrate, g_paid, g_typepaid, info, u_add, u_tadd, g_ad, g_dd, g_amountofdays) VALUES('" + name + "','" + surname + "','" + company + "','" + txtbx8 + "', '" + txtbx9 + "', '" + cmbbx2 + "', '" + rtb + "', '" + label12.Text.ToString() + "', '" + this.dateTimePicker1.Value +"','"+textBox4.Text.ToString()+"','"+textBox5.Text.ToString()+"','"+textBox6.Text.ToString()+"')"; ;
        command.ExecuteNonQuery();

        command = new OleDbCommand();
        command.Connection = connection;
        command.CommandText = "UPDATE guestreg SET g_paidstatus='Paid '"+txtbx9+"'' where g_name ='"+name+"' and g_status = '"+sts"'";

        command.ExecuteNonQuery();

}
}

【讨论】：