sqlhelper,c#

最新推荐文章于 2016-10-02 20:46:49 发布
原创 最新推荐文章于 2016-10-02 20:46:49 发布 · 445 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#sqlhelper #sql应用

 1.传入参数数量,生成Sql参数

/// <summary>
        /// 生成Sql参数
        /// </summary>
        /// <param name="paramCount"></param>
        /// <returns></returns>
        public static SqlParameter[] CreateParameter(int paramCount)
        {
            SqlParameter[] param = new SqlParameter[paramCount];
            for (int i = 0; i < paramCount; i++)
            {
                param[i] = new SqlParameter();
            }
            return param;
        }

2.为sqlcommand添加参数
    private static void AttachParameters(SqlCommand command, SqlParameter[] commandParameters)
        {
            foreach (SqlParameter p in commandParameters)
            {
                //check for derived output value with no value assigned
                if ((p.Direction == ParameterDirection.InputOutput) && (p.Value == null))
                {
                    p.Value = DBNull.Value;
                }




                command.Parameters.Add(p);
            }
        }
3.为SqlParameter添加值 

<pre name="code" class="csharp">   /// This method assigns an array of values to an array of SqlParameters.
        /// </summary>
        /// <param name="commandParameters">array of SqlParameters to be assigned values</param>
        /// <param name="parameterValues">array of objects holding the values to be assigned</param>
        private static void AssignParameterValues(SqlParameter[] commandParameters, object[] parameterValues)
        {
            if ((commandParameters == null) || (parameterValues == null))
            {
                //do nothing if we get no data
                return;
            }

            // we must have the same number of values as we pave parameters to put them in
            if (commandParameters.Length != parameterValues.Length)
            {
                throw new ArgumentException("Parameter count does not match Parameter Value count.");
            }

            //iterate through the SqlParameters, assigning the values from the corresponding position in the 
            //value array
            for (int i = 0, j = commandParameters.Length; i < j; i++)
            {
                commandParameters[i].Value = parameterValues[i];
            }
        }
4。此方法打开分配一个连接交易通讯
 /// <summary>
        /// This method opens (if necessary) and assigns a connection, transaction, command type and parameters 
        /// to the provided command.
        /// </summary>
        /// <param name="command">the SqlCommand to be prepared</param>
        /// <param name="connection">a valid SqlConnection, on which to execute this command</param>
        /// <param name="transaction">a valid SqlTransaction, or 'null'</param>
        /// <param name="commandType">the CommandType (stored procedure, text, etc.)</param>
        /// <param name="commandText">the stored procedure name or T-SQL command</param>
        /// <param name="commandParameters">an array of SqlParameters to be associated with the command or 'null' if no parameters are required</param>
        private static void PrepareCommand(SqlCommand command, SqlConnection connection, SqlTransaction transaction, CommandType commandType, string commandText, SqlParameter[] commandParameters)
        {
            //if the provided connection is not open, we will open it
            if (connection.State != ConnectionState.Open)
            {
                connection.Open();
            }

            //associate the connection with the command
            command.Connection = connection;

            //set the command text (stored procedure name or SQL statement)
            command.CommandText = commandText;

            //if we were provided a transaction, assign it.
            if (transaction != null)
            {
                command.Transaction = transaction;
            }

            //set the command type
            command.CommandType = commandType;

            //attach the command parameters if they are provided
            if (commandParameters != null)
            {
                AttachParameters(command, commandParameters);
            }

            return;
        }



4.执行sql操作
<pre name="code" class="csharp">        /// <summary>
        /// Execute a SqlCommand (that returns no resultset and takes no parameters) against the database specified in 
        /// the connection string. 
        /// </summary>
        /// <remarks>
        /// e.g.:  
        ///  int result = ExecuteNonQuery(connString, CommandType.StoredProcedure, "PublishOrders");
        /// </remarks>
        /// <param name="connectionString">a valid connection string for a SqlConnection</param>
        /// <param name="commandType">the CommandType (stored procedure, text, etc.)</param>
        /// <param name="commandText">the stored procedure name or T-SQL command</param>
        /// <returns>an int representing the number of rows affected by the command</returns>
        public static int ExecuteNonQuery(string connectionString, CommandType commandType, string commandText)
        {
            //pass through the call providing null for the set of SqlParameters
            return ExecuteNonQuery(connectionString, commandType, commandText, (SqlParameter[])null);
        }

        /// <summary>
        /// Execute a SqlCommand (that returns no resultset) against the database specified in the connection string 
        /// using the provided parameters.
        /// </summary>
        /// <remarks>
        /// e.g.:  
        ///  int result = ExecuteNonQuery(connString, CommandType.StoredProcedure, "PublishOrders", new SqlParameter("@prodid", 24));
        /// </remarks>
        /// <param name="connectionString">a valid connection string for a SqlConnection</param>
        /// <param name="commandType">the CommandType (stored procedure, text, etc.)</param>
        /// <param name="commandText">the stored procedure name or T-SQL command</param>
        /// <param name="commandParameters">an array of SqlParamters used to execute the command</param>
        /// <returns>an int representing the number of rows affected by the command</returns>
        public static int ExecuteNonQuery(string connectionString, CommandType commandType, string commandText, params SqlParameter[] commandParameters)
        {
            //create & open a SqlConnection, and dispose of it after we are done.
            int re = 0;
            SqlConnection cn = new SqlConnection(connectionString);
            try
            {

                cn.Open();

                //call the overload that takes a connection in place of the connection string
                re = ExecuteNonQuery(cn, commandType, commandText, commandParameters);
            }
            catch
            {
                MyDB._Check_Net = true;
            }
            finally
            {
                if (cn != null && cn.State != ConnectionState.Closed)
                    cn.Close();
            }
            return re;

        }

        /// <summary>
        /// Execute a stored procedure via a SqlCommand (that returns no resultset) against the database specified in 
        /// the connection string using the provided parameter values.  This method will query the database to discover the parameters for the 
        /// stored procedure (the first time each stored procedure is called), and assign the values based on parameter order.
        /// </summary>
        /// <remarks>
        /// This method provides no access to output parameters or the stored procedure's return value parameter.
        /// 
        /// e.g.:  
        ///  int result = ExecuteNonQuery(connString, "PublishOrders", 24, 36);
        /// </remarks>
        /// <param name="connectionString">a valid connection string for a SqlConnection</param>
        /// <param name="spName">the name of the stored prcedure</param>
        /// <param name="parameterValues">an array of objects to be assigned as the input values of the stored procedure</param>
        /// <returns>an int representing the number of rows affected by the command</returns>
        public static int ExecuteNonQuery(string connectionString, string spName, params object[] parameterValues)
        {
            //if we receive parameter values, we need to figure out where they go
            if ((parameterValues != null) && (parameterValues.Length > 0))
            {
                //pull the parameters for this stored procedure from the parameter cache (or discover them & populate the cache)
                SqlParameter[] commandParameters = SqlHelperParameterCache.GetSpParameterSet(connectionString, spName);

                //assign the provided values to these parameters based on parameter order
                AssignParameterValues(commandParameters, parameterValues);

                //call the overload that takes an array of SqlParameters
                return ExecuteNonQuery(connectionString, CommandType.StoredProcedure, spName, commandParameters);
            }
            //otherwise we can just call the SP without params
            else
            {
                return ExecuteNonQuery(connectionString, CommandType.StoredProcedure, spName);
            }
        }

        /// <summary>
        /// Execute a SqlCommand (that returns no resultset and takes no parameters) against the provided SqlConnection. 
        /// </summary>
        /// <remarks>
        /// e.g.:  
        ///  int result = ExecuteNonQuery(conn, CommandType.StoredProcedure, "PublishOrders");
        /// </remarks>
        /// <param name="connection">a valid SqlConnection</param>
        /// <param name="commandType">the CommandType (stored procedure, text, etc.)</param>
        /// <param name="commandText">the stored procedure name or T-SQL command</param>
        /// <returns>an int representing the number of rows affected by the command</returns>
        public static int ExecuteNonQuery(SqlConnection connection, CommandType commandType, string commandText)
        {
            //pass through the call providing null for the set of SqlParameters
            return ExecuteNonQuery(connection, commandType, commandText, (SqlParameter[])null);
        }

        /// <summary>
        /// Execute a SqlCommand (that returns no resultset) against the specified SqlConnection 
        /// using the provided parameters.
        /// </summary>
        /// <remarks>
        /// e.g.:  
        ///  int result = ExecuteNonQuery(conn, CommandType.StoredProcedure, "PublishOrders", new SqlParameter("@prodid", 24));
        /// </remarks>
        /// <param name="connection">a valid SqlConnection</param>
        /// <param name="commandType">the CommandType (stored procedure, text, etc.)</param>
        /// <param name="commandText">the stored procedure name or T-SQL command</param>
        /// <param name="commandParameters">an array of SqlParamters used to execute the command</param>
        /// <returns>an int representing the number of rows affected by the command</returns>
        public static int ExecuteNonQuery(SqlConnection connection, CommandType commandType, string commandText, params SqlParameter[] commandParameters)
        {
            //create a command and prepare it for execution
            SqlCommand cmd = new SqlCommand();
            int re = 0;
            try
            {
                PrepareCommand(cmd, connection, (SqlTransaction)null, commandType, commandText, commandParameters);

                //finally, execute the command.
                re = cmd.ExecuteNonQuery();

                // detach the SqlParameters from the command object, so they can be used again.
                cmd.Parameters.Clear();
            }
            catch
            {
                MyDB._Check_Net = true;
            }
            finally
            {
                if (connection != null && connection.State != ConnectionState.Closed)
                    connection.Close();
            }
            return re;
        }

        /// <summary>
        /// Execute a stored procedure via a SqlCommand (that returns no resultset) against the specified SqlConnection 
        /// using the provided parameter values.  This method will query the database to discover the parameters for the 
        /// stored procedure (the first time each stored procedure is called), and assign the values based on parameter order.
        /// </summary>
        /// <remarks>
        /// This method provides no access to output parameters or the stored procedure's return value parameter.
        /// 
        /// e.g.:  
        ///  int result = ExecuteNonQuery(conn, "PublishOrders", 24, 36);
        /// </remarks>
        /// <param name="connection">a valid SqlConnection</param>
        /// <param name="spName">the name of the stored procedure</param>
        /// <param name="parameterValues">an array of objects to be assigned as the input values of the stored procedure</param>
        /// <returns>an int representing the number of rows affected by the command</returns>
        public static int ExecuteNonQuery(SqlConnection connection, string spName, params object[] parameterValues)
        {
            //if we receive parameter values, we need to figure out where they go
            if ((parameterValues != null) && (parameterValues.Length > 0))
            {
                //pull the parameters for this stored procedure from the parameter cache (or discover them & populate the cache)
                SqlParameter[] commandParameters = SqlHelperParameterCache.GetSpParameterSet(connection.ConnectionString, spName);

                //assign the provided values to these parameters based on parameter order
                AssignParameterValues(commandParameters, parameterValues);

                //call the overload that takes an array of SqlParameters
                return ExecuteNonQuery(connection, CommandType.StoredProcedure, spName, commandParameters);
            }
            //otherwise we can just call the SP without params
            else
            {
                return ExecuteNonQuery(connection, CommandType.StoredProcedure, spName);
            }
        }

        /// <summary>
        /// Execute a SqlCommand (that returns no resultset and takes no parameters) against the provided SqlTransaction. 
        /// </summary>
        /// <remarks>
        /// e.g.:  
        ///  int result = ExecuteNonQuery(trans, CommandType.StoredProcedure, "PublishOrders");
        /// </remarks>
        /// <param name="transaction">a valid SqlTransaction</param>
        /// <param name="commandType">the CommandType (stored procedure, text, etc.)</param>
        /// <param name="commandText">the stored procedure name or T-SQL command</param>
        /// <returns>an int representing the number of rows affected by the command</returns>
        public static int ExecuteNonQuery(SqlTransaction transaction, CommandType commandType, string commandText)
        {
            //pass through the call providing null for the set of SqlParameters
            return ExecuteNonQuery(transaction, commandType, commandText, (SqlParameter[])null);
        }

        /// <summary>
        /// Execute a SqlCommand (that returns no resultset) against the specified SqlTransaction
        /// using the provided parameters.
        /// </summary>
        /// <remarks>
        /// e.g.:  
        ///  int result = ExecuteNonQuery(trans, CommandType.StoredProcedure, "GetOrders", new SqlParameter("@prodid", 24));
        /// </remarks>
        /// <param name="transaction">a valid SqlTransaction</param>
        /// <param name="commandType">the CommandType (stored procedure, text, etc.)</param>
        /// <param name="commandText">the stored procedure name or T-SQL command</param>
        /// <param name="commandParameters">an array of SqlParamters used to execute the command</param>
        /// <returns>an int representing the number of rows affected by the command</returns>
        public static int ExecuteNonQuery(SqlTransaction transaction, CommandType commandType, string commandText, params SqlParameter[] commandParameters)
        {
            //create a command and prepare it for execution
            SqlCommand cmd = new SqlCommand();
            int re = 0;
            try
            {
                PrepareCommand(cmd, transaction.Connection, transaction, commandType, commandText, commandParameters);

                //finally, execute the command.
                re = cmd.ExecuteNonQuery();

                // detach the SqlParameters from the command object, so they can be used again.
                cmd.Parameters.Clear();
            }
            catch
            {
                MyDB._Check_Net = true;
            }
            return re;
        }

        /// <summary>
        /// Execute a stored procedure via a SqlCommand (that returns no resultset) against the specified 
        /// SqlTransaction using the provided parameter values.  This method will query the database to discover the parameters for the 
        /// stored procedure (the first time each stored procedure is called), and assign the values based on parameter order.
        /// </summary>
        /// <remarks>
        /// This method provides no access to output parameters or the stored procedure's return value parameter.
        /// 
        /// e.g.:  
        ///  int result = ExecuteNonQuery(conn, trans, "PublishOrders", 24, 36);
        /// </remarks>
        /// <param name="transaction">a valid SqlTransaction</param>
        /// <param name="spName">the name of the stored procedure</param>
        /// <param name="parameterValues">an array of objects to be assigned as the input values of the stored procedure</param>
        /// <returns>an int representing the number of rows affected by the command</returns>
        public static int ExecuteNonQuery(SqlTransaction transaction, string spName, params object[] parameterValues)
        {
            //if we receive parameter values, we need to figure out where they go
            if ((parameterValues != null) && (parameterValues.Length > 0))
            {
                //pull the parameters for this stored procedure from the parameter cache (or discover them & populate the cache)
                SqlParameter[] commandParameters = SqlHelperParameterCache.GetSpParameterSet(transaction.Connection.ConnectionString, spName);

                //assign the provided values to these parameters based on parameter order
                AssignParameterValues(commandParameters, parameterValues);

                //call the overload that takes an array of SqlParameters
                return ExecuteNonQuery(transaction, CommandType.StoredProcedure, spName, commandParameters);
            }
            //otherwise we can just call the SP without params
            else
            {
                return ExecuteNonQuery(transaction, CommandType.StoredProcedure, spName);
            }
        }


        #endregion ExecuteNonQuery














                

        

    

    
  



    



                



	

		

			

				
					
SqlParameter集合数组中添加参数——SQLHelp对数据访问层的优化(一)

				
			

			

				

					李黎敏   ——为优秀j2ee架构师而努力
				

				

					01-03
					
					5399
					
				

			

		

		

			
				
这是今天下午忙活半天的成果,但不管怎样吧还是达到了想要的目的:通过集合数据自动添加SqlParameter参数到Command命令中。
思路很明确,也很简单,大致的可以分两步。
第一步,将用户输入的存储过程参数写入到一个SqlParameter集合数组中;
第二步,将SqlParameter集合数组中的参数元素导入到Command命令的Parameters集合中。
接下来要做的是分别实现这

			
		

	



                

            
              



	

		

			

				
					
C#应用事物的SqlHelper

				
			

			

				

					stz344184987的专栏
				

				

					06-02
					
					1370
					
				

			

		

		

			
				
<br />    using System;<br />using System.Data;<br />using System.Data.SqlClient;<br />using System.Configuration;<br />using System.ComponentModel;<br />using System.Collections.Generic;<br />namespace DLL<br />{<br />    public class SQLHelper<br />    {

			
		

	



              


  
              

                


	

		

			

				
					
SqlParameter数组添加

				
			

			

				

					Better Thinker
				

				

					05-23
					
					7553
					
				

			

		

		

			
				
protected void Button1_Click(object sender, EventArgs e)
    {
        string strSql="insert into Invoice_Rebate_Customer_L (FORM_ID,LINE_NO) values (@formNo,@lineNo)";        
        SqlParameter[]

			
		

	





	

		

			

				
					
SqlParameter内动态添加参数

				
			

			

				

					lisky119的专栏
				

				

					06-09
					
					10000
					
				

			

		

		

			
				
SqlParameter内动态添加参数






动态向SqlParameter 里添加相应参数,方法如下

先定义一个List,然后再往List里面添加SqlParameter对象,然后将List转为SqlParameter数组即可

List ilistStr = new List(); 

            ilistStr.Add(new SqlPara

			
		

	



		

			
		



	

		

			

				
					
SqlParameter的作用与用法

				
			

			

				

					最数据的专栏
				

				

					10-03
					
					1745
					
				

			

		

		

			
				
一般来说,在更新DataTable或是DataSet时,如果不采用SqlParameter,那么当输入的Sql语句出现歧义时,如字符串中含有单引号,程序就会发生错误,并且他人可以轻易地通过拼接Sql语句来进行注入攻击。
 


string sql = "update Table1 set name = 'Pudding' where ID = '1'";//未采用SqlParameter

Sq

			
		

	





	

		

			

				
					
C#SqlParameter类的使用方法小结

				
			

			

				

					阳光岛主
				

				

					08-06
					
					3万+
					
				

			

		

		

			
				
 C#SqlParameter类的使用方法小结在c#中执行sql语句时传递参数的小经验 1、直接写入法:      例如:             int Id =1;             string Name="lui";             cmd.CommandText="insert into TUserLogin values("+Id+","

			
		

	





	

		

			

				
					
SqlHelper C#

				
			

			

				

					05-09
				

			

		

		

			
				
C#访问数据库类,包括多种数据库和事务处理等。

			
		

	





	

		

			

				
					
C# SqlHelper类 (微软官方)

				
			

			

				

					03-07
				

			

		

		

			
				
C#中使用SqlHelper,首先需要引用`System.Data`和`System.Data.SqlClient`命名空间。下面我们将深入探讨SqlHelper类的主要功能和使用方法。  1. **连接字符串**:  在使用SqlHelper之前,需要一个有效的连接字符串...

			
		

	





	

		

			

				
					
SqlHelper.zip

				
			

			

				

					05-27
				

			

		

		

			
				
SqlHelperC#编程语言中常见的一种用于简化数据库操作的辅助类库,它为开发者提供了方便的接口,以便更高效地执行SQL语句。在.NET框架下,开发人员经常使用SqlHelper来代替直接操作ADO.NET组件,以提高代码的可读性...

			
		

	





	

		

			

				
					
SqlHelper C# 2.0:开发者的实用工具库

				
			

			

				

					
				

			

		

		

			
				
SqlHelper C# 2.0 是一个在.NET开发中常用的数据访问辅助类,它是为了解决重复性的数据库操作而设计的,目的是简化数据库编程时的代码量和复杂度。SqlHelper类封装了对数据库的一些基本操作,例如打开和关闭数据库...

			
		

	





	

		

			

				
					
sqlhelper c#操作数据库,添加删除修改,存储过程

				
			

			

				

					06-04
				

			

		

		

			
				
SQLHelper C# 操作数据库,添加删除修改,存储过程  SQLHelper 是一个 C# 类库,用于封装对 SQL Server 数据库的操作,包括添加、删除、修改和选择等操作。下面是对 SQLHelper 类的详细解释:  一、连接数据库  ...

			
		

	





	

		

			

				
					
SqlParameter[] 添加参数

				
			

			

				

					weixin_34081595的博客
				

				

					06-17
					
					595
					
				

			

		

		

			
				
以前一直是在new的时候直接指定

SqlParameter[] parms = new SqlParameter[]{
new SqlParameter('@id','id'),
new SqlParameter('@name','name')
};

现在需要根据条件判断需要添加哪些参数开始以为可以像List那样使用Add方法,发现SqlParameter[]不支持
于是采用以...

			
		

	





	

		

			

				
					
SqlParameter的用法

				
			

			

				

					weixin_34034670的博客
				

				

					06-19
					
					457
					
				

			

		

		

			
				
关于Sql注入的基本概念,相信不需多说,大家都清楚,经典的注入语句是' or 1=1--单引号而截断字符串,“or 1=1”的永真式的出现使得表的一些信息被暴露出来,如果sql语句是select * from 的话,可能你整个表的信息都会被读取到,更严重的是,如果恶意使用都使用drop命令,那么可能你的整个数据库得全线崩溃。
当然,现在重点不是讲sql注入的害处,而是说说如何最大限度的避免注入...

			
		

	





	

		

			

				
					
SQL语句中的运行时参数

				
			

			

				

					suwu150
				

				

					10-02
					
					6991
					
				

			

		

		

			
				
运行时参数
一、运行时参数的使用

    sql语句中的值,我们可以使用一个参数来代替,然后每次运行的时候都可以重新输入这个值    
    例如:    select last_name,salary,dept_id from s_emp where id=&id;


如上图所示,使用了运行时参数&id,其中id为变量值,如果之前没有定义,则会像图中提示的进行提示,如果以前定

			
		

	





	

		

			

				
					
asp.net SqlParameter 根据条件 有选择的添加参数

				
			

			

				

					anihasiyou的专栏
				

				

					06-06
					
					2178
					
				

			

		

		

			
				
SqlParameter带参数的增删改查语句,可以防止注入.有时候写sql语句的时候会根据方法传进来的参数来判断sql语句中where条件的参数.
一般方法
BLL层方法
public UserInfo GetAll(UserInfo a)
{
            string strSql = "select id,name,code,password from [tb].[dbo].

			
		

	





	

		

			

				
					
C#SqlParameter的作用与用法

					
热门推荐

				
			

			

				

					且听风吟的专栏
				

				

					10-20
					
					8万+
					
				

			

		

		

			
				
一般来说,在更新DataTable或是DataSet时,如果不采用SqlParameter,那么当输入的Sql语句出现歧义时,如字符串中含有单引号,程序就会发生错误,并且他人可以轻易地通过拼接Sql语句来进行注入攻击。




?





1

2

3

4

5

6

7

8

9

10

11

12

13

			
		

	





	

		

			

				
					
sqlhelper应用事务的例子

				
			

			

				

					pasic的专栏
				

				

					04-06
					
					2913
					
				

			

		

		

			
				
在csdn上看到这段代码,很不错,贴上来保存着,用using比较直观的知道资源何时释放。习惯用close()方法来释放SqlParameter[]   signOnParms   =   GetSignOnParameters();     SqlParameter[]   accountParms   =   GetAccountParameters();     SqlPara

			
		

	



              




          




        



    





    



      

      

        
      

      





	

		评论	
	

  
	




  

    

      添加红包
      
    

    

      

        
        

          
          
        

        
请填写红包祝福语或标题

      

      

        
        

          
          
        

        
红包个数最小为10个

      

      

        
        

          
          
        

        
红包金额最低5元

      

      

        
        

          当前余额3.43前往充值 >
        

      

      

        

          需支付:10.00

        
        
      

    

  





  

    
    
  

  

    
    
  








  

    

      

        

          

            
            
成就一亿技术人!

          

          

        

        

          

          

            领取后你会自动成为博主和红包主的粉丝
            规则
          

        

      

      

        

          

            
              
            
            

              
hope_wisdom
 发出的红包
            

          

        

        

          

          

          

        

      

    

    

  



      
      

      
实付

      
使用余额支付

      

        

          

            
            点击重新获取
          

        

        
扫码支付

      

      

        
          
            
          
          
        
      

      

        
        钱包余额
          0
          

            
            

              

                
抵扣说明:

                
 1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
 2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

              

            

          

      

      余额充值