Complete modification:
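// NOTE: this listing is the body of a retry loop. The loop header and the
// declaration of Hasstu are not part of the listing, which is why it ends
// with "break;" and one extra closing brace.

// 1. Read the student number entered by the user.
Console.Write("Please enter the student number to be modified:");
string Scode = Console.ReadLine();

// 2. Check whether a student with this number exists.
// The connection string is the sample value from the page. In real code,
// connect with a least-privileged login instead of sa and load the
// connection string from protected configuration, not from source.
using (SqlConnection conn = new SqlConnection("server=.; database=data0425;user=sa;pwd=123;"))
using (SqlCommand cmd = conn.CreateCommand())
{
    // Scode is typed by the user, so it is sent as a parameter. If it were
    // concatenated into the SQL text, a quote character in the input could
    // change the meaning of the statement (SQL injection).
    cmd.CommandText = "select * from Student where code = @Scode";
    cmd.Parameters.AddWithValue("@Scode", Scode);

    conn.Open();
    using (SqlDataReader dr = cmd.ExecuteReader())
    {
        // 3. HasRows is true only when the query matched at least one student.
        Hasstu = dr.HasRows;
    }
    conn.Close();

    if (Hasstu)
    {
        Console.WriteLine("The student information has been queried, please make changes:");
        Console.Write("Please enter the name of the student after the change:");
        string Sname = Console.ReadLine();
        // Convert.ToBoolean / ToDateTime / ToDecimal throw FormatException
        // when the typed text does not parse; the listing does not catch it.
        Console.Write("Please enter the gender of the student after the change:");
        bool Ssex = Convert.ToBoolean(Console.ReadLine());
        Console.Write("Please enter the student's birthday after the change:");
        DateTime Sbirthday = Convert.ToDateTime(Console.ReadLine());
        Console.Write("Please enter the student score after the change:");
        decimal Sscore = Convert.ToDecimal(Console.ReadLine());

        // Every value goes in as a parameter; none of them is pasted into
        // the statement text, so none of them can alter the statement.
        cmd.CommandText = "update student set Name=@Sname, sex=@Ssex, birthday=@Sbirthday, score=@Sscore where code = @Scode";
        cmd.Parameters.Clear(); // drop the parameter left over from the SELECT above
        cmd.Parameters.AddWithValue("@Sname", Sname);
        cmd.Parameters.AddWithValue("@Ssex", Ssex);
        cmd.Parameters.AddWithValue("@Sbirthday", Sbirthday);
        cmd.Parameters.AddWithValue("@Sscore", Sscore);
        cmd.Parameters.AddWithValue("@Scode", Scode);

        conn.Open();
        cmd.ExecuteNonQuery();
        Console.WriteLine("modified successfully! ");
        break; // leaves the retry loop; the using blocks still dispose cmd and conn
    }
    else
    {
        Console.WriteLine("do not check this student, please re-enter! Press any key to continue ...");
        Console.ReadKey();
        Console.Clear();
    }
}
} // closes the retry loop that is opened before this listing

Console.ReadLine();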
Deletion uses the same existence check as modification; only the UPDATE statement is replaced by a DELETE statement.
To prevent SQL injection (string injection) attacks, pass the values as parameters instead of concatenating them into the statement:
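// The SQL text contains only @-named placeholders where the data would
// otherwise have been concatenated, so user input never becomes part of
// the statement itself.
cmd.CommandText = "update student set Name=@Sname,sex=@Ssex,birthday=@Sbirthday,score=@Sscore where code = @Scode";
// Clear the collection before use so that parameters left from an earlier
// use of this command object are not sent with the statement.
cmd.Parameters.Clear();
// Each call binds one value: the placeholder name (with its @) first, then
// the value. AddWithValue replaces the obsolete Add(string, object) overload
// and infers the SQL type from the .NET type; when the column types are
// known, an explicit SqlDbType is the stricter choice.
cmd.Parameters.AddWithValue("@Sname", Sname);
cmd.Parameters.AddWithValue("@Ssex", Ssex);
cmd.Parameters.AddWithValue("@Sbirthday", Sbirthday);
cmd.Parameters.AddWithValue("@Sscore", Sscore);
cmd.Parameters.AddWithValue("@Scode", Scode);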
Full modification and deletion and anti-string injection attacks