一步步编写SqlHelper类(C#)


在C#中使用ADO.NET连接数据库的时候,每次连接都要编写连接,打开,执行SQL语句的代码,很麻烦,编写一个SqlHelper类,把每次连接都要写的代码封装成方法,把要执行的SQL语句通过参数传进去,可以大大简化编码,下面就一步步的编写一个SqlHelper类。

每次连接都要写的代码

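// The boilerplate repeated for every query: open a connection, build a command, execute, read.
// NOTE(review): the literal connection string logs in as "sa" with an embedded password. That is
// tolerable only as a throwaway local example; the SqlHelper below reads the string from App.config
// instead, and a real deployment should use a least-privilege login (or Integrated Security), never sa.
using (SqlConnection conn = new SqlConnection(
    "Data Source = .;Initial Catalog = DB1;User ID = sa;Password = zxcasd"))
{
    conn.Open();
    using (SqlCommand cmd = conn.CreateCommand())
    {
        // Select the one column we actually read, by name, instead of "select *" plus a hard-coded
        // ordinal: GetString(1) silently reads whatever column happens to be second in the table
        // (presumably Name here — the inserts/reads elsewhere on this page use Name and Age).
        cmd.CommandText = "select Name from T_student";
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            List<string> lName = new List<string>();
            int nameOrdinal = reader.GetOrdinal("Name");

            while (reader.Read())
            {
                // GetString throws on a SQL NULL; map NULL to an empty entry instead.
                string name = reader.IsDBNull(nameOrdinal) ? string.Empty : reader.GetString(nameOrdinal);
                lName.Add(name);
            }
            listName.ItemsSource = lName;
        }
    }
}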

下面是封装在SqlHelper类中ExecuteNonQuery方法:

// Read the connection string from App.config (<connectionStrings><add name="dbConn" .../>)
// rather than embedding credentials in source.  App.config is still plaintext, so keep it out of
// source control or protect it in deployment.  NOTE(review): if the "dbConn" entry is missing, the
// indexer returns null and this static initializer throws a NullReferenceException, surfacing as a
// TypeInitializationException on first use of the class.
private static string connStr = ConfigurationManager.ConnectionStrings["dbConn"].ConnectionString;
//参数使用可变参数,params,在需要传递参数的时候传递,不需要的时候可以不写
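/// <summary>
/// Runs a non-query statement (INSERT/UPDATE/DELETE/DDL) on a fresh connection.
/// </summary>
/// <param name="sql">Trusted SQL text with @name placeholders. Only values may vary, and only via
/// <paramref name="parameters"/>; table/column names cannot be parameterized and must never come
/// from user input.</param>
/// <param name="parameters">Values for the placeholders. Optional thanks to params.</param>
/// <returns>The affected-row count reported by SqlCommand.ExecuteNonQuery.</returns>
public static int ExecuteNonQuery(string sql, params SqlParameter[] parameters)
{
    using (SqlConnection conn = new SqlConnection(connStr))
    {
        conn.Open();
        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = sql;
            // params yields an empty array when omitted, but an explicit null would make AddRange throw.
            if (parameters != null)
            {
                cmd.Parameters.AddRange(parameters);
            }
            try
            {
                return cmd.ExecuteNonQuery();
            }
            finally
            {
                // A SqlParameter may belong to only one SqlParameterCollection and disposing the
                // command does not release it; detach so callers can reuse the same parameter objects
                // for a second call without an "already contained" ArgumentException.
                cmd.Parameters.Clear();
            }
        }
    }
}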

ExecuteNonQuery的调用:

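// Even for literal values, pass them as parameters: a call site that starts out concatenating
// constants turns into an injection point the day those constants become user input.
SqlHelper.ExecuteNonQuery("insert into T_student (Name,Age) values(@Name,@Age)",
    new SqlParameter("@Name", "啊撒啊"),
    new SqlParameter("@Age", 123));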

为了避免SQL注入攻击,在编写SQL语句时不要用字符串拼接的方式把值拼进SQL,而要使用查询参数(SqlParameter),所以在传递SQL语句的同时要把查询参数一起传进去。需要注意的是,参数化只能保护"值":SQL语句本身(包括表名、列名、ORDER BY 的列等)无法参数化,必须是代码中的固定字符串,绝不能由用户输入拼接而来。

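/// <summary>
/// Runs a query on a fresh connection and returns the whole result as an in-memory DataTable.
/// </summary>
/// <param name="sql">Trusted SQL text with @name placeholders; never built from user input.</param>
/// <param name="parameters">Values for the placeholders. Optional thanks to params.</param>
/// <returns>A DataTable holding the rows returned (possibly empty).</returns>
public static DataTable ExecuteDataTable(string sql, params SqlParameter[] parameters)
{
    using (SqlConnection conn = new SqlConnection(connStr))
    {
        conn.Open();
        using (SqlCommand cmd = conn.CreateCommand())
        // SqlDataAdapter is IDisposable; the first draft never disposed it.
        using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
        {
            cmd.CommandText = sql;
            // An explicit null argument would make AddRange throw; params supplies an empty array when omitted.
            if (parameters != null)
            {
                cmd.Parameters.AddRange(parameters);
            }
            // Fill a DataTable directly rather than dataset.Tables[0], which throws IndexOutOfRange
            // when the command produced no result set at all.
            DataTable table = new DataTable();
            try
            {
                adapter.Fill(table);
            }
            finally
            {
                // Detach so the caller's SqlParameter objects can be reused in a later call.
                cmd.Parameters.Clear();
            }
            return table;
        }
    }
}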

调用:

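// The SQL text stays a constant; only the value travels through a SqlParameter, so nothing
// user-controlled is ever spliced into the statement.  (Beware the constant 0: new SqlParameter("@x", 0)
// binds to the (string, SqlDbType) overload because a literal 0 converts to any enum — cast to object.)
string sql = "select * from T_student where Age < @Age";
DataTable table = SqlHelper.ExecuteDataTable(sql, new SqlParameter("@Age", 100));
foreach (DataRow row in table.Rows)
{
    // (string)row["Name"] throws InvalidCastException when Name is SQL NULL (DBNull);
    // Convert.ToString maps DBNull to "" instead.
    string name = Convert.ToString(row["Name"]);
    MessageBox.Show(name);
}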

下面是SqlHelper类的代码:

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Data.SqlClient;
using System.Data;
namespace ADONET2
{
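/// <summary>
/// Thin ADO.NET helper: every call opens its own SqlConnection from the "dbConn" connection string
/// in App.config, runs one parameterized command and disposes everything before returning.
/// The SQL text passed in must be a trusted constant or template; only values may vary, and they
/// must go through SqlParameter.  Identifiers (table/column names, ORDER BY columns) cannot be
/// parameterized and must never be built from user input.  The parameterless overloads of the
/// first draft were dropped on purpose: they invite callers to concatenate values into the SQL.
/// </summary>
class SqlHelper
{
    // Principle: what never changes lives in the method, what varies comes in as parameters.

    // Connection string from App.config <connectionStrings><add name="dbConn" .../>, keeping
    // credentials out of the compiled assembly.  App.config is still plaintext: prefer a
    // least-privilege SQL login or Integrated Security over sa, and protect the file in deployment.
    private static readonly string connStr = LoadConnectionString("dbConn");

    /// <summary>
    /// Reads a named connection string, failing with a clear message instead of a
    /// NullReferenceException inside the type initializer when the entry is missing.
    /// </summary>
    private static string LoadConnectionString(string name)
    {
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[name];
        if (settings == null || string.IsNullOrEmpty(settings.ConnectionString))
        {
            throw new InvalidOperationException(
                "Connection string '" + name + "' was not found in the <connectionStrings> section of App.config.");
        }
        return settings.ConnectionString;
    }

    /// <summary>
    /// Copies the caller's parameters onto the command.  params supplies an empty array when the
    /// caller omits them; an explicit null argument is treated as "no parameters" rather than
    /// letting AddRange throw.
    /// </summary>
    private static void AttachParameters(SqlCommand cmd, SqlParameter[] parameters)
    {
        if (parameters != null)
        {
            cmd.Parameters.AddRange(parameters);
        }
    }

    /// <summary>
    /// Detaches the parameters again.  A SqlParameter may belong to only one
    /// SqlParameterCollection and disposing the command does not release it, so without this a
    /// caller reusing the same SqlParameter objects for a second call gets an "already contained"
    /// ArgumentException.
    /// </summary>
    private static void DetachParameters(SqlCommand cmd)
    {
        cmd.Parameters.Clear();
    }

    /// <summary>Runs a non-query statement (INSERT/UPDATE/DELETE/DDL).</summary>
    /// <param name="sql">Trusted SQL text with @name placeholders.</param>
    /// <param name="parameters">Values for the placeholders; may be omitted.</param>
    /// <returns>The affected-row count reported by SqlCommand.ExecuteNonQuery.</returns>
    public static int ExecuteNonQuery(string sql, params SqlParameter[] parameters)
    {
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = sql;
            AttachParameters(cmd, parameters);
            conn.Open();
            try
            {
                return cmd.ExecuteNonQuery();
            }
            finally
            {
                DetachParameters(cmd);
            }
        }
    }

    /// <summary>Runs a query and returns the first column of its first row.</summary>
    /// <param name="sql">Trusted SQL text with @name placeholders.</param>
    /// <param name="parameters">Values for the placeholders; now optional (params), consistent
    /// with the other two methods — existing callers passing an array are unaffected.</param>
    /// <returns>Per ADO.NET's ExecuteScalar: null when no rows came back, DBNull.Value for a SQL NULL.</returns>
    public static object ExecuteScalar(string sql, params SqlParameter[] parameters)
    {
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = sql;
            AttachParameters(cmd, parameters);
            conn.Open();
            try
            {
                return cmd.ExecuteScalar();
            }
            finally
            {
                DetachParameters(cmd);
            }
        }
    }

    /// <summary>Runs a query and returns the whole result as an in-memory DataTable.</summary>
    /// <param name="sql">Trusted SQL text with @name placeholders.</param>
    /// <param name="parameters">Values for the placeholders; may be omitted.</param>
    /// <returns>A DataTable holding the rows returned (possibly empty).</returns>
    public static DataTable ExecuteDataTable(string sql, params SqlParameter[] parameters)
    {
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = conn.CreateCommand())
        // SqlDataAdapter is IDisposable; the first draft never disposed it.
        using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
        {
            cmd.CommandText = sql;
            AttachParameters(cmd, parameters);
            conn.Open();
            // Fill a DataTable directly rather than dataset.Tables[0], which throws IndexOutOfRange
            // when the command produced no result set at all.
            DataTable table = new DataTable();
            try
            {
                adapter.Fill(table);
            }
            finally
            {
                DetachParameters(cmd);
            }
            return table;
        }
    }
}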
}




 