一步步編寫SqlHelper類(C#)
阿新 • • 發佈:2019-02-13
在C#中使用ADO.NET連線資料庫的時候,每次連線都要編寫連線,開啟,執行SQL語句的程式碼,很麻煩,編寫一個SqlHelper類,把每次連線都要寫的程式碼封裝成方法,把要執行的SQL語句通過引數傳進去,可以大大簡化編碼,下面就一步步的編寫一個SqlHelper類。
每次連線都要寫的程式碼
using (SqlConnection conn = new SqlConnection(
"Data Source = .;Initial Catalog = DB1;User ID = sa;Password = zxcasd"))
{
conn.Open();
using (SqlCommand cmd = conn.CreateCommand())
{
cmd.CommandText = "select * from T_student";
using (SqlDataReader reader = cmd.ExecuteReader())
{
List<string> lName = new List<string>();
while (reader.Read())
{
string name = reader.GetString(1);
lName.Add(name);
}
listName.ItemsSource = lName;
}
}
}
下面是封裝在SqlHelper類中ExecuteNonQuery方法:
//把連線字串寫在App.config檔案中
private static string connStr = ConfigurationManager.ConnectionStrings["dbConn"].ConnectionString;
//引數使用可變引數,params,在需要傳遞引數的時候傳遞,不需要的時候可以不寫
public static int ExecuteNonQuery(string sql,params SqlParameter[] parameters)
{
using (SqlConnection conn = new SqlConnection(connStr))
{
conn.Open();
using (SqlCommand cmd = conn.CreateCommand())
{
cmd.CommandText = sql;
//foreach (SqlParameter param in parameters)
//{
// cmd.Parameters.Add(param);
//}
cmd.Parameters.AddRange(parameters);
return cmd.ExecuteNonQuery();
}
}
}
ExecuteNonQuery的呼叫:
SqlHelper.ExecuteNonQuery("insert into T_student (Name,Age) values('啊撒啊',123) ");
為了避免Sql注入漏洞攻擊,在寫SQL執行語句的時候,不要使用拼接字串的方式寫SQL語句,要使用查詢引數,所以在傳遞SQL語句的時候要把查詢引數一起傳遞進去。
public static DataTable ExecuteDataTable(string sql, params SqlParameter[] parameters)
{
using (SqlConnection conn = new SqlConnection(connStr))
{
conn.Open();
using (SqlCommand cmd = conn.CreateCommand())
{
cmd.CommandText = sql;
cmd.Parameters.AddRange(parameters);
SqlDataAdapter adapter = new SqlDataAdapter(cmd);
DataSet dataset = new DataSet();
adapter.Fill(dataset);
return dataset.Tables[0];
}
}
}
呼叫:
string sql = "select * from T_student where Age < @Age";
DataTable table = SqlHelper.ExecuteDataTable(sql,new SqlParameter ("@Age",100));
foreach (DataRow row in table.Rows)
{
string name = (string)row["Name"];
MessageBox.Show(name);
}
下面是SqlHelper類的程式碼:
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Data.SqlClient;
using System.Data;
namespace ADONET2
{
class SqlHelper
{
//封裝方法的原則,把不變的放在方法中,把變化的放在引數中傳進來
private static string connStr = ConfigurationManager.ConnectionStrings["dbConn"].ConnectionString;
//public static int ExecuteNonQuery(string sql)
//{
// using (SqlConnection conn = new SqlConnection(connStr))
// {
// conn.Open();
// using (SqlCommand cmd = conn.CreateCommand())
// {
// cmd.CommandText = sql;
// return cmd.ExecuteNonQuery();
// }
// }
//}
//public static object ExecuteScalar(string sql)
//{
// using (SqlConnection conn = new SqlConnection(connStr))
// {
// conn.Open();
// using (SqlCommand cmd = conn.CreateCommand())
// {
// cmd.CommandText = sql;
// return cmd.ExecuteScalar();
// }
// }
//}
//public static DataTable ExecuteDataTable(string sql)
//{
// using (SqlConnection conn = new SqlConnection(connStr))
// {
// conn.Open();
// using (SqlCommand cmd = conn.CreateCommand())
// {
// cmd.CommandText = sql;
// SqlDataAdapter adapter = new SqlDataAdapter(cmd);
// DataSet dataset = new DataSet();
// adapter.Fill(dataset);
// return dataset.Tables[0];
// }
// }
//}
public static int ExecuteNonQuery(string sql,params SqlParameter[] parameters)
{
using (SqlConnection conn = new SqlConnection(connStr))
{
conn.Open();
using (SqlCommand cmd = conn.CreateCommand())
{
cmd.CommandText = sql;
//foreach (SqlParameter param in parameters)
//{
// cmd.Parameters.Add(param);
//}
cmd.Parameters.AddRange(parameters);
return cmd.ExecuteNonQuery();
}
}
}
public static object ExecuteScalar(string sql,SqlParameter[] parameters)
{
using (SqlConnection conn = new SqlConnection(connStr))
{
conn.Open();
using (SqlCommand cmd = conn.CreateCommand())
{
cmd.CommandText = sql;
cmd.Parameters.AddRange(parameters);
return cmd.ExecuteScalar();
}
}
}
//public static DataTable ExecuteDataTable(string sql,SqlParameter[] parameters)
//{
// using (SqlConnection conn = new SqlConnection(connStr))
// {
// conn.Open();
// using (SqlCommand cmd = conn.CreateCommand())
// {
// cmd.CommandText = sql;
// cmd.Parameters.AddRange(parameters);
// SqlDataAdapter adapter = new SqlDataAdapter(cmd);
// DataSet dataset = new DataSet();
// adapter.Fill(dataset);
// return dataset.Tables[0];
// }
// }
//}
//使用可變引數
public static DataTable ExecuteDataTable(string sql, params SqlParameter[] parameters)
{
using (SqlConnection conn = new SqlConnection(connStr))
{
conn.Open();
using (SqlCommand cmd = conn.CreateCommand())
{
cmd.CommandText = sql;
cmd.Parameters.AddRange(parameters);
SqlDataAdapter adapter = new SqlDataAdapter(cmd);
DataSet dataset = new DataSet();
adapter.Fill(dataset);
return dataset.Tables[0];
}
}
}
}
}