SQL语句参数化(1)插入数据
2007-02-13 15:47
453 查看
WebForm1.aspx
Imports System.Text
Public Class WebForm1
Inherits System.Web.UI.Page
#Region " Web 窗体设计器生成的代码 "
'该调用是 Web 窗体设计器所必需的。
<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
End Sub
Protected WithEvents TextBox1 As System.Web.UI.WebControls.TextBox
Protected WithEvents TextBox2 As System.Web.UI.WebControls.TextBox
Protected WithEvents TextBox3 As System.Web.UI.WebControls.TextBox
Protected WithEvents TextBox4 As System.Web.UI.WebControls.TextBox
Protected WithEvents TextBox5 As System.Web.UI.WebControls.TextBox
Protected WithEvents TextBox6 As System.Web.UI.WebControls.TextBox
Protected WithEvents Button1 As System.Web.UI.WebControls.Button
'注意: 以下占位符声明是 Web 窗体设计器所必需的。
'不要删除或移动它。
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
'CODEGEN: 此方法调用是 Web 窗体设计器所必需的
'不要使用代码编辑器修改它。
InitializeComponent()
End Sub
#End Region
Dim myconn As New Conn
Dim mydata As New Getdata
Dim sql As StringBuilder = New StringBuilder
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
mydata.myconn = New SqlClient.SqlConnection
mydata.myconn.ConnectionString = myconn.stringconnection
If Not Page.IsPostBack Then
End If
End Sub
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
sql.Append("insert into chanpin(")
sql.Append("chanpin_name,chanpin_bianhao,chanpin_xiaotu,chanpin_putongjia,chanpin_kucun,chanpin_xiangxi")
sql.Append(")")
sql.Append(" values(")
sql.Append("@chanpin_name,@chanpin_bianhao,@chanpin_xiaotu,@chanpin_putongjia,@chanpin_kucun,@chanpin_xiangxi")
sql.Append(")")
Dim mypt As SqlClient.SqlParameter() = New SqlClient.SqlParameter() { _
New SqlClient.SqlParameter("@chanpin_name", SqlDbType.VarChar, 50), _
New SqlClient.SqlParameter("@chanpin_bianhao", SqlDbType.VarChar, 50), _
New SqlClient.SqlParameter("@chanpin_xiaotu", SqlDbType.VarChar, 1000), _
New SqlClient.SqlParameter("@chanpin_putongjia", SqlDbType.Decimal, 9), _
New SqlClient.SqlParameter("@chanpin_kucun", SqlDbType.Int, 4), _
New SqlClient.SqlParameter("@chanpin_xiangxi", SqlDbType.Text)}
mypt(0).Value = TextBox1.Text
mypt(1).Value = TextBox2.Text
mypt(2).Value = TextBox3.Text
mypt(3).Value = TextBox4.Text
mypt(4).Value = TextBox5.Text
mypt(5).Value = TextBox6.Text
mydata.myconn.Open()
mydata.executesql(sql.ToString, mypt)
' mydata.executesql(sql.ToString, Nothing) '不需要用到参数时,传nothing
mydata.myconn.Close()
End Sub
End Class
Getdata.vb
Public Class Getdata
Public myconn As SqlClient.SqlConnection
Public Function executesql(ByVal sql As String, ByVal myPt As SqlClient.SqlParameter())
Dim myCmd As SqlClient.SqlCommand
myCmd = New SqlClient.SqlCommand(sql, myconn) ' 存储过程时sql应改为存储过程名
' myCmd.CommandType = CommandType.StoredProcedure ' 存储过程时需要添加该语句
If IsNothing(myPt) Then
myCmd.ExecuteNonQuery()
Else
Dim mypt1 As SqlClient.SqlParameter
For Each mypt1 In myPt
myCmd.Parameters.Add(mypt1)
Next
myCmd.ExecuteNonQuery()
myCmd.Parameters.Clear()
End If
End Function
End Class
Imports System.Text
Public Class WebForm1
Inherits System.Web.UI.Page
#Region " Web 窗体设计器生成的代码 "
'该调用是 Web 窗体设计器所必需的。
<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
End Sub
Protected WithEvents TextBox1 As System.Web.UI.WebControls.TextBox
Protected WithEvents TextBox2 As System.Web.UI.WebControls.TextBox
Protected WithEvents TextBox3 As System.Web.UI.WebControls.TextBox
Protected WithEvents TextBox4 As System.Web.UI.WebControls.TextBox
Protected WithEvents TextBox5 As System.Web.UI.WebControls.TextBox
Protected WithEvents TextBox6 As System.Web.UI.WebControls.TextBox
Protected WithEvents Button1 As System.Web.UI.WebControls.Button
'注意: 以下占位符声明是 Web 窗体设计器所必需的。
'不要删除或移动它。
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
'CODEGEN: 此方法调用是 Web 窗体设计器所必需的
'不要使用代码编辑器修改它。
InitializeComponent()
End Sub
#End Region
Dim myconn As New Conn
Dim mydata As New Getdata
Dim sql As StringBuilder = New StringBuilder
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
mydata.myconn = New SqlClient.SqlConnection
mydata.myconn.ConnectionString = myconn.stringconnection
If Not Page.IsPostBack Then
End If
End Sub
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
sql.Append("insert into chanpin(")
sql.Append("chanpin_name,chanpin_bianhao,chanpin_xiaotu,chanpin_putongjia,chanpin_kucun,chanpin_xiangxi")
sql.Append(")")
sql.Append(" values(")
sql.Append("@chanpin_name,@chanpin_bianhao,@chanpin_xiaotu,@chanpin_putongjia,@chanpin_kucun,@chanpin_xiangxi")
sql.Append(")")
Dim mypt As SqlClient.SqlParameter() = New SqlClient.SqlParameter() { _
New SqlClient.SqlParameter("@chanpin_name", SqlDbType.VarChar, 50), _
New SqlClient.SqlParameter("@chanpin_bianhao", SqlDbType.VarChar, 50), _
New SqlClient.SqlParameter("@chanpin_xiaotu", SqlDbType.VarChar, 1000), _
New SqlClient.SqlParameter("@chanpin_putongjia", SqlDbType.Decimal, 9), _
New SqlClient.SqlParameter("@chanpin_kucun", SqlDbType.Int, 4), _
New SqlClient.SqlParameter("@chanpin_xiangxi", SqlDbType.Text)}
mypt(0).Value = TextBox1.Text
mypt(1).Value = TextBox2.Text
mypt(2).Value = TextBox3.Text
mypt(3).Value = TextBox4.Text
mypt(4).Value = TextBox5.Text
mypt(5).Value = TextBox6.Text
mydata.myconn.Open()
mydata.executesql(sql.ToString, mypt)
' mydata.executesql(sql.ToString, Nothing) '不需要用到参数时,传nothing
mydata.myconn.Close()
End Sub
End Class
Getdata.vb
Public Class Getdata
Public myconn As SqlClient.SqlConnection
Public Function executesql(ByVal sql As String, ByVal myPt As SqlClient.SqlParameter())
Dim myCmd As SqlClient.SqlCommand
myCmd = New SqlClient.SqlCommand(sql, myconn) ' 存储过程时sql应改为存储过程名
' myCmd.CommandType = CommandType.StoredProcedure ' 存储过程时需要添加该语句
If IsNothing(myPt) Then
myCmd.ExecuteNonQuery()
Else
Dim mypt1 As SqlClient.SqlParameter
For Each mypt1 In myPt
myCmd.Parameters.Add(mypt1)
Next
myCmd.ExecuteNonQuery()
myCmd.Parameters.Clear()
End If
End Function
End Class
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- SQL语句参数化(1)插入数据
- SQL语句 插入数据的三种写法
- 使用T-SQL语句插入、更新、删除数据表
- SQL 基础之子查询、多表插入、merge 语句、跟踪一段时间数据变化(二十)
- SQL语句,数据更新,数据插入删除修改和对视图的更新操作
- SQL语句批量插入数据
- 从数据表中导出数据并生插入SQL语句
- SQL语句 怎么把从一个表中查出来数据插入到另一个表中
- sql语句插入的数据中含有单引号怎么办?
- spring+hibernate 插入数据时控制台打印出sql语句,但是数据库中并没有数据解决方法
- SQL语句oracle中如何插入Date类型的数据
- 用SQL语句向表格中插入数据
- [置顶] 在表中插入数据的SQL语句
- 数据库已有的数据不在插入SQL语句
- SQL语句创建表并插入指定N条数据(用于测试)
- sql语句批量插入测试数据
- 批量数据插入的SQL语句
- 一条SQL语句 插入多条数据
- MYSQL 数据表中行存在时更新,不存在时插入的SQL语句
- 用SQL语句向表格中插入数据INSERT