当前位置: 动力学知识库 > 问答 > 编程问答 >

c# - MS Access to sql server searching

问题描述:

How to use this code if we are going to use sql server database becaUSE in this code we used MS Access as the database

private void btnSearch_Click(object sender, System.EventArgs e) {

String pcode = txtPcode.Text;

int ctr = productsDS1.Tables[0].Rows.Count;

int x;

bool found = false;

for (x = 0; x<ctr; x++) {

if (productsDS1.Tables[0].Rows[x][0].ToString() == pcode) {

found = true;

break;

}

}

if (found == true) {

txtPcode.Text = productsDS1.Tables[0].Rows[x][0].ToString();

txtDesc.Text = productsDS1.Tables[0].Rows[x][1].ToString();

txtPrice.Text = productsDS1.Tables[0].Rows[x][2].ToString();

} else {

MessageBox.Show("Record Not Found");

}

private void btnNew_Click(object sender, System.EventArgs e) {

int cnt = productsDS1.Tables[0].Rows.Count;

string lastrec = productsDS1.Tables[0].Rows[cnt][0].ToString();

int newpcode = int.Parse(lastrec) + 1;

txtPcode.Text = newpcode.ToString();

txtDesc.Clear();

txtPrice.Clear();

txtDesc.Focus();

here's the connectionstring

Jet OLEDB:Global Partial Bulk Ops=2;Jet OLEDB:Registry Path=;Jet OLEDB:Database Locking Mode=0;Data Source="J:\2009-2010\1st sem\VC#\Sample\WindowsApplication_Products\PointOfSales.mdb"

网友答案:

It would be total abuse of a SQL Server to implement code like this against a server. My C# is a bit rusty, but it looks like this code walks through every row in productsDS1, comparing the "Pcode", "Desc" and "Price" to those entered into the text box.

The proper way to implement this is via either a stored procedure on the SQL Server that is passed those three values and returns either a recordset of matching record(s) (or possibly a RecordID to be used in a separate retreival process) OR at least to form a SQL statement to retreive the data (i.e. "SELECT * FROM productsDS1 where Pcode = '" & txtPcode.Text & "' AND Desc = '" & txtDesc.Text & "' AND Price = " & txtPrice.Text). I would recommend the first method since the second is susceptible to SQL injection.

(This methodology would also have been more appropriate against the Access db.)

分享给朋友:
您可能感兴趣的文章:
随机阅读: