我可以';t更新并插入到sql server,但我可以选择数据
本文关键字:我可以 server sql 数据 选择 插入 更新 | 更新日期: 2023-09-27 18:20:00
我在更新和插入sql server数据库中的数据时遇到了一些问题,但我可以从中选择数据。我使用的是visual studio 2012,sql server 2012。
请帮忙,非常感谢。
这是我在app.config中的连接字符串
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Configuration;
using System.Data;
using System.Drawing;`enter code here`
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;
namespace ProjectAppWIn
{
public partial class Refill : Form
{
ProjectAppWIn.Login.user s;
ProjectAppWIn.Home.userr r;
public string sa;
public string se;
public Refill(ProjectAppWIn.Login.user s1, ProjectAppWIn.Home.userr s2) //string user)
{
InitializeComponent();
s = s1;
// label2.Text = "Welcome : " + " " + (user);
sa = s.name;
//on which control you want to show the username....
label2.Text = "Welcome..." + s.name;
r = s2;
se = r.id;
textBox8.Text = r.id + "";
}
private void button1_Click(object sender, EventArgs e)
{
this.Hide();
Form targetform = new Login();
targetform.Show();
}
private void button2_Click(object sender, EventArgs e)
{
using (SqlConnection con1 = new SqlConnection("Data Source=KHUNP''SQLEXPRESS;Initial Catalog=kmuttssc;User ID=sa;Password=db2admin;"))
{
if (textBox1.Text.Contains("g") || textBox1.Text.Contains("G") == true)
{
DataTable dte = new DataTable();
con1.Open();
SqlDataReader myRead = null;
//SqlCommand myCommand = new SqlCommand("select * from card,user where card.card_id='" + textBox1.Text + "'", con1);
SqlCommand myCom = new SqlCommand("select card_balance,card_id from card where guest_id = '" + textBox1.Text + "'", con1);
myRead = myCom.ExecuteReader();
while (myRead.Read())
{
textBox6.Text = (myRead["card_balance"].ToString());
textBoxcardid.Text = (myRead["card_id"].ToString());
//TextBox8.Text = (myReader[].ToString());
//DropDownListGender.SelectedItem.Text = (myReader["gender"].ToString());
//DropDownListMonth.Text = (myReader["birth"].ToString());
//DropDownListYear.Text = (myReader["birth"].ToString());
//TextBoxAddress.Text = (myReader["address"].ToString());
//TextBoxCity.Text = (myReader["city"].ToString());
//DropDownListCountry.SelectedItem.Text = (myReader["country"].ToString());
//TextBoxPostcode.Text = (myReader["postcode"].ToString());
//TextBoxEmail.Text = (myReader["email"].ToString());
//TextBoxCarno.Text = (myReader["carno"].ToString());
}
con1.Close();
//textBox5.Text = string.Empty;
//textBox7.Text = string.Empty;
// *****textBox8.Text = Session["id"] + "";
}
else
{
DataTable dt = new DataTable();
con1.Open();
SqlDataReader myReader = null;
//SqlCommand myCommand = new SqlCommand("select * from card,user where card.card_id='" + textBox1.Text + "'", con1);
SqlCommand myCommand = new SqlCommand("select u.user_id, u.user_fname, u.user_lname, c.user_id, c.card_balance,c.card_id from [user] u JOIN [card] c ON u.user_id = c.user_id where c.user_id = '" + textBox1.Text + "'", con1);
myReader = myCommand.ExecuteReader();
while (myReader.Read())
{
textBox6.Text = (myReader["card_balance"].ToString());
textBox2.Text = (myReader["user_fname"].ToString());
textBox3.Text = (myReader["user_lname"].ToString());
textBoxcardid.Text = (myReader["card_id"].ToString());
}
con1.Close();
textBox5.Text = string.Empty;
textBox7.Text = string.Empty;
label9.Text = string.Empty;
// ****textBox8.Text = Session["id"] + "";
}//end using
}
}
private void button3_Click(object sender, EventArgs e)
{
textBox7.Text = (Convert.ToInt32(textBox5.Text) + Convert.ToInt32(textBox6.Text)).ToString();
using (SqlConnection con1 = new SqlConnection("Data Source=KHUNP''SQLEXPRESS;Initial Catalog=kmuttssc;User ID=sa;Password=db2admin;"))
{
if (textBox1.Text.Contains("g") || textBox1.Text.Contains("G") == true)
{
DataTable dt = new DataTable();
con1.Open();
SqlDataReader myReader = null;
//SqlCommand myCommand = new SqlCommand("select * from card,user where card.card_id='" + TextBox1.Text + "'", con1);
SqlCommand myCommand = new SqlCommand("UPDATE card c join guest g on c.guest_id = g.guest_id SET c.card_balance = @card_balance,g.guest_status=@guest_status WHERE c.guest_id = '" + textBox1.Text + "'", con1);
myCommand.Parameters.Add("@card_balance", System.Data.SqlDbType.SmallInt);
//myCommand.Parameters.Add("@staff_id", System.Data.SqlDbType.SmallInt);
myCommand.Parameters["@card_balance"].Value = textBox7.Text;
//myCommand.Parameters["@staff_id"].Value = textBox8.Text;
myCommand.Parameters.AddWithValue("@guest_status", textBox9.Text);
//myCommand.Parameters["@staff_id"].Value = Session["];
try
{
myCommand.ExecuteNonQuery();
//TextBox1.Text = string.Empty;
//TextBox2.Text = string.Empty;
//TextBox3.Text = string.Empty;
//TextBox5.Text = string.Empty;
//TextBox6.Text = string.Empty;
using (SqlConnection conn = new SqlConnection("Data Source=KHUNP''SQLEXPRESS;Initial Catalog=kmuttssc;User ID=sa;Password=db2admin;"))
{
SqlCommand cmd = new SqlCommand("INSERT INTO transactionc (tranc_total, card_id,staff_id,date) VALUES (@tranc_total, @staff_id,@card_id, @date)");
cmd.CommandType = CommandType.Text;
cmd.Connection = conn;
cmd.Parameters.AddWithValue("@tranc_total", textBox5.Text);
cmd.Parameters.AddWithValue("@card_id", textBoxcardid.Text);
cmd.Parameters.AddWithValue("@staff_id",textBox8.Text);
cmd.Parameters.AddWithValue("@date", DateTime.Now);
//cmd.Parameters.AddWithValue("@Address", txtAddress.Text);
conn.Open();
cmd.ExecuteNonQuery();
}
label9.Text = "<b><big><big> Complete !!!</big></big> </b>";
}
catch
{
textBox7.Text = string.Empty;
label9.Text = "<b> <big> <big> Not Complete!!!</big> </big> </b>";
}
finally
{
con1.Close();
}
//myCommand.Parameters.AddWithValue("@card_balance", TextBox7.Text);
//myCommand.ExecuteNonQuery();
}
else
{
DataTable dt = new DataTable();
con1.Open();
SqlDataReader myReader = null;
//SqlCommand myCommand = new SqlCommand("select * from card,user where card.card_id='" + TextBox1.Text + "'", con1);
SqlCommand myCommand = new SqlCommand("UPDATE card set card_balance=@card_balance , WHERE user_id = '" + textBox1.Text + "'", con1);
myCommand.Parameters.Add("@card_balance", System.Data.SqlDbType.SmallInt);
//myCommand.Parameters.Add("@staff_id", System.Data.SqlDbType.SmallInt);
myCommand.Parameters["@card_balance"].Value = textBox7.Text;
//myCommand.Parameters["@staff_id"].Value = textBox8.Text;
//myCommand.Parameters.AddWithValue("@guest_status", TextBox9.Text);
//myCommand.Parameters["@staff_id"].Value = Session["];
try
{
myCommand.ExecuteNonQuery();
//TextBox1.Text = string.Empty;
//TextBox2.Text = string.Empty;
//TextBox3.Text = string.Empty;
//TextBox5.Text = string.Empty;
//TextBox6.Text = string.Empty;
using (SqlConnection conn = new SqlConnection("Data Source=KHUNP''SQLEXPRESS;Initial Catalog=kmuttssc;User ID=sa;Password=db2admin;"))
{
SqlCommand cmd = new SqlCommand("INSERT INTO transactionc (tranc_total, card_id,staff_id, date) VALUES (@tranc_total, @card_id,@staff_id, @date)");
cmd.CommandType = CommandType.Text;
cmd.Connection = conn;
cmd.Parameters.AddWithValue("@tranc_total", textBox5.Text);
cmd.Parameters.AddWithValue("@card_id", textBoxcardid.Text);
cmd.Parameters.AddWithValue("@staff_id", textBox8.Text);
cmd.Parameters.AddWithValue("@date", DateTime.Now);
//cmd.Parameters.AddWithValue("@Address", txtAddress.Text);
conn.Open();
cmd.ExecuteNonQuery();
}
label9.Text = "<b><big><big> Complete !!!</big></big> </b>";
}
catch
{
textBox7.Text = string.Empty;
label9.Text = "<b> <big> <big> Not Complete!!!</big> </big> </b>";
}
finally
{
con1.Close();
}
}
}
}
private void button5_Click(object sender, EventArgs e)
{
Form targetform = new Return(s, r);
targetform.Show();
this.Hide();
}
private void button6_Click(object sender, EventArgs e)
{
Form targetform = new Home1(s, r);
targetform.Show();
this.Hide();
}
}
}
我认为您需要向用户提供权限。转到您的数据库并执行以下查询:-
USE [DBName]
GO
EXEC sp_addrolemember N'db_datawriter', N'UserName'
GO
EXEC sp_addrolemember N'db_datareader', N'UserName'
还有一种方法可以给出置换,那就是使用GRANT特权。