一步步編寫SqlHelper類(C#)


在C#中使用ADO.NET連接數據庫的時候,每次都要重複編寫建立連接、打開連接、執行SQL語句的代碼,很麻煩。編寫一個SqlHelper類,把這些每次都要寫的代碼封裝成方法,把要執行的SQL語句通過參數傳進去,可以大大簡化編碼。下面就一步步地編寫一個SqlHelper類。

每次連接都要寫的代碼

// Boilerplate that has to be repeated for every query when no helper class exists:
// open a connection, create a command, run it and read the rows.
// NOTE(review): the connection string below embeds the sa login and its password
// directly in source code. It is kept as written for illustration; in real code
// keep the connection string in configuration and connect with a least-privilege
// login instead of sa.
using (var connection = new SqlConnection(
    "Data Source = .;Initial Catalog = DB1;User ID = sa;Password = zxcasd"))
{
    connection.Open();
    using (var command = connection.CreateCommand())
    {
        command.CommandText = "select * from T_student";
        using (var rows = command.ExecuteReader())
        {
            var studentNames = new List<string>();

            while (rows.Read())
            {
                // Column index 1 is read as a string; with "select *" the position
                // depends on the table's column order.
                studentNames.Add(rows.GetString(1));
            }

            // Bind the collected names to the UI list control.
            listName.ItemsSource = studentNames;
        }
    }
}

下面是封裝在SqlHelper類中ExecuteNonQuery方法:

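// The connection string is read from App.config (entry "dbConn") so that no
// credentials are hard-coded in source. The config file still holds the secret
// and needs to be protected accordingly.
private static readonly string connStr = ConfigurationManager.ConnectionStrings["dbConn"].ConnectionString;

/// <summary>
/// Executes a statement that returns no rows (INSERT/UPDATE/DELETE) and returns
/// the value reported by <c>SqlCommand.ExecuteNonQuery</c>.
/// </summary>
/// <param name="sql">
/// SQL text. Write values as @name placeholders and supply them through
/// <paramref name="parameters"/>; do not concatenate input into this string.
/// </param>
/// <param name="parameters">
/// Query parameters. Declared with <c>params</c>, so callers pass them only
/// when needed; a null array is treated as "no parameters".
/// </param>
public static int ExecuteNonQuery(string sql, params SqlParameter[] parameters)
{
    using (SqlConnection conn = new SqlConnection(connStr))
    {
        conn.Open();
        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = sql;

            // AddRange throws on a null array, so an explicit null is skipped.
            if (parameters != null)
            {
                cmd.Parameters.AddRange(parameters);
            }

            try
            {
                return cmd.ExecuteNonQuery();
            }
            finally
            {
                // Detach the parameters so the caller can reuse the same
                // SqlParameter instances with another command.
                cmd.Parameters.Clear();
            }
        }
    }
}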

ExecuteNonQuery的調用:

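// Values are passed as query parameters rather than written into the SQL text,
// which is the calling pattern the helper is designed for. The string value
// is sent as a Unicode parameter instead of a non-N string literal.
SqlHelper.ExecuteNonQuery(
    "insert into T_student (Name,Age) values(@Name,@Age)",
    new SqlParameter("@Name", "啊撒啊"),
    new SqlParameter("@Age", 123));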

為了避免SQL注入漏洞攻擊,在寫SQL執行語句的時候,不要使用拼接字符串的方式寫SQL語句,要使用查詢參數。所以在傳遞SQL語句的時候,要把查詢參數一起傳遞進去:SQL文本中只寫@Age這樣的佔位符,實際的值通過SqlParameter傳入。

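/// <summary>
/// Runs a query and returns its first result set as a <c>DataTable</c>.
/// </summary>
/// <param name="sql">
/// SQL text. Write values as @name placeholders and supply them through
/// <paramref name="parameters"/>; do not concatenate input into this string.
/// </param>
/// <param name="parameters">
/// Query parameters; optional because of <c>params</c>. A null array is
/// treated as "no parameters".
/// </param>
/// <returns>The first table filled by the adapter.</returns>
public static DataTable ExecuteDataTable(string sql, params SqlParameter[] parameters)
{
    using (SqlConnection conn = new SqlConnection(connStr))
    {
        conn.Open();
        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = sql;

            // AddRange throws on a null array, so an explicit null is skipped.
            if (parameters != null)
            {
                cmd.Parameters.AddRange(parameters);
            }

            try
            {
                // SqlDataAdapter is disposable; the original never released it.
                using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
                {
                    DataSet dataset = new DataSet();
                    adapter.Fill(dataset);

                    // Indexing Tables[0] fails if the statement produced no result set.
                    return dataset.Tables[0];
                }
            }
            finally
            {
                // Detach the parameters so the caller can reuse the same
                // SqlParameter instances with another command.
                cmd.Parameters.Clear();
            }
        }
    }
}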

調用:

// The age limit travels as the @Age parameter; the SQL text itself stays constant.
DataTable students = SqlHelper.ExecuteDataTable(
    "select * from T_student where Age < @Age",
    new SqlParameter("@Age", 100));

foreach (DataRow student in students.Rows)
{
    // The cast requires the Name column to hold a string for every row.
    MessageBox.Show((string)student["Name"]);
}

下面是SqlHelper類的代碼:

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Data.SqlClient;
using System.Data;
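namespace ADONET2
{
    /// <summary>
    /// Small ADO.NET helper that wraps the open-connection / create-command /
    /// execute sequence. Design rule: what never changes lives inside the
    /// methods, what varies is passed in as arguments.
    /// </summary>
    /// <remarks>
    /// Every method takes the SQL text plus its query parameters. Callers should
    /// write values as @name placeholders and pass them as <c>SqlParameter</c>
    /// objects; building the SQL text by string concatenation defeats the
    /// protection against SQL injection. Earlier drafts of these methods took
    /// only the SQL string and were replaced by the parameterized versions below.
    /// </remarks>
    class SqlHelper
    {
        // Read from the "dbConn" entry in App.config so credentials are not
        // hard-coded in source. The config file still holds the secret and
        // needs to be protected accordingly.
        private static readonly string connStr = ConfigurationManager.ConnectionStrings["dbConn"].ConnectionString;

        /// <summary>
        /// Executes a statement that returns no rows (INSERT/UPDATE/DELETE).
        /// </summary>
        /// <param name="sql">SQL text with @name placeholders for values.</param>
        /// <param name="parameters">Query parameters; optional, null is treated as none.</param>
        /// <returns>The value reported by <c>SqlCommand.ExecuteNonQuery</c>.</returns>
        public static int ExecuteNonQuery(string sql, params SqlParameter[] parameters)
        {
            using (SqlConnection conn = new SqlConnection(connStr))
            {
                conn.Open();
                using (SqlCommand cmd = CreateCommand(conn, sql, parameters))
                {
                    try
                    {
                        return cmd.ExecuteNonQuery();
                    }
                    finally
                    {
                        // Detach the parameters so the caller can reuse the same
                        // SqlParameter instances with another command.
                        cmd.Parameters.Clear();
                    }
                }
            }
        }

        /// <summary>
        /// Executes a query and returns the value reported by
        /// <c>SqlCommand.ExecuteScalar</c>.
        /// </summary>
        /// <param name="sql">SQL text with @name placeholders for values.</param>
        /// <param name="parameters">
        /// Query parameters. Now declared with <c>params</c> like the other two
        /// methods, so a query without parameters can be called with the SQL
        /// text alone; existing calls that pass an array still compile.
        /// </param>
        public static object ExecuteScalar(string sql, params SqlParameter[] parameters)
        {
            using (SqlConnection conn = new SqlConnection(connStr))
            {
                conn.Open();
                using (SqlCommand cmd = CreateCommand(conn, sql, parameters))
                {
                    try
                    {
                        return cmd.ExecuteScalar();
                    }
                    finally
                    {
                        cmd.Parameters.Clear();
                    }
                }
            }
        }

        /// <summary>
        /// Runs a query and returns its first result set as a <c>DataTable</c>.
        /// </summary>
        /// <param name="sql">SQL text with @name placeholders for values.</param>
        /// <param name="parameters">Query parameters; optional, null is treated as none.</param>
        /// <returns>The first table filled by the adapter.</returns>
        public static DataTable ExecuteDataTable(string sql, params SqlParameter[] parameters)
        {
            using (SqlConnection conn = new SqlConnection(connStr))
            {
                conn.Open();
                using (SqlCommand cmd = CreateCommand(conn, sql, parameters))
                {
                    try
                    {
                        // SqlDataAdapter is disposable; the original never released it.
                        using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
                        {
                            DataSet dataset = new DataSet();
                            adapter.Fill(dataset);

                            // Indexing Tables[0] fails if the statement produced no result set.
                            return dataset.Tables[0];
                        }
                    }
                    finally
                    {
                        cmd.Parameters.Clear();
                    }
                }
            }
        }

        // Builds a command on the given connection with the SQL text and any parameters attached.
        private static SqlCommand CreateCommand(SqlConnection conn, string sql, SqlParameter[] parameters)
        {
            SqlCommand cmd = conn.CreateCommand();
            cmd.CommandText = sql;

            // AddRange throws on a null array, so an explicit null is skipped.
            if (parameters != null)
            {
                cmd.Parameters.AddRange(parameters);
            }

            return cmd;
        }
    }
}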
