我需要帮助从数据库列和C#中的textBox值中扣除值,并且在扣除之后,该值必须存储在新列中。
包含值的列名称为-“ txttopup”
并且更新后的值必须存储在列名中-“ txtbalance”
我使用SQL Server 2014,我附加了代码和数据库快照
代码是
private void button17_Click(object sender, EventArgs e)
{
String ConString = "Data Source = DESKTOP - JENA\\SQLEXPRESS; Initial Catalog = Project_Smartcard; Integrated Security = True";
SqlConnection cnn = new SqlConnection(ConString);
// SqlCommand command;
// SqlDataReader rd;
String sql = "Select * from WriteCard";
try
{
// cnn.Open();
// MessageBox.Show("Connection is active!");
// sc = new SqlCommand(sql, cnn);
// rd = sc.ExecuteReader();
// while (rd.Read())
// {
// // Retrieved.Text = rd.row[6]["amount"].Tostring();
// }
// sc.Dispose();
// cnn.Close();
cnn.Open();
SqlCommand command = new SqlCommand();
command.Connection = cnn;
command.CommandText = "update class set txtbalance = txttopup - " + Convert.ToInt32(totalpayment.Text);
command.ExecuteNonQuery();
cnn.Close();
}
}
您在此处编写的代码正在尝试更新所有行,因为您没有指定任何条件(即您可能需要where子句)。您也可以考虑使用命令参数,而不是使用字符串连接。
您需要使用SqlCommand参数来避免SQL注入攻击。同时应用过滤器,以避免更新所有行。
cnn.Open();
SqlCommand command = new SqlCommand();
command.Connection = cnn;
command.CommandText = "update class set txtbalance = txttopup - @txtPopup" +
" WHERE bdcardno = @bdcardno";
command.Parameters.Add("@txtPopup", SqlDbType.Int);
command.Parameters["@txtPopup"].Value = Convert.ToInt32(txtPopup.Text);
//Arrive at the bdcardno using business logic or get it from user
command.Parameters.Add("@bdcardno", SqlDbType.Int);
command.Parameters["@bdcardno"].Value = Convert.ToInt32(txtbdCardNo.Text);
command.ExecuteNonQuery();