SQL SERVER data operation code

Copy codeThe Code is as follows:
Using System;
Using System. Data;
Using System. Configuration;
Using System. Web;
Using System. Web. Security;
Using System. Web. UI;
Using System. Web. UI. WebControls;
Using System. Web. UI. WebControls. WebParts;
Using System. Web. UI. HtmlControls;
Using System. Data. SqlClient;
/// <Summary>
/// Summary of dataOperate
/// </Summary>
Public class dataOperate
{
Public dataOperate ()
{
//
// TODO: add the constructor logic here
//
}
/// <Summary>
/// Create a database connection method
/// </Summary>
/// <Returns> returns the SqlConnection object </returns>
Public static SqlConnection createCon ()
{
SqlConnection con = new SqlConnection ("server =.; database = db_message; uid = sa; pwd = ;");
Return con;
}
/// <Summary>
/// SQL statement execution methods include Delete, insert, and update
/// </Summary>
/// <Param name = "SQL"> SQL statement to be executed </param>
/// <Returns> returns a Boolean value indicating whether the execution is successful. </returns>
Public static bool execSql (string SQL)
{
// Create a database connection
SqlConnection con = createCon ();
// Open the database connection
Con. Open ();
// Create a SqlCommand object
SqlCommand com = new SqlCommand (SQL, con );
// Determine whether the SQL statement is successfully executed
If (com. ExecuteNonQuery ()> 0)
{
Return true;
}
Else
{
Return false;
}
}
/// <Summary>
/// Query the data method and return a DataSet object
/// </Summary>
/// <Param name = "SQL"> executed SQL statement </param>
/// <Returns> returned DataSet object </returns>
Public static DataSet getRows (string SQL)
{
// Create a DataSet object
DataSet ds;
// Create a database connection
SqlConnection con = createCon ();
// Open the database connection
Con. Open ();
// Create a SqlDataAdapter object
SqlDataAdapter sda = new SqlDataAdapter (SQL, con );
// Instance DataSet object
Ds = new DataSet ();
// Fill in the DataSet object
Sda. Fill (ds );
// Close the database connection
Con. Close ();
Return ds;
}
/// <Summary>
/// Method for querying whether data exists
/// </Summary>
/// <Param name = "SQL"> SQL statement to be executed </param>
/// <Returns> returns a Boolean value. If the data exists, True is returned. Otherwise, False is returned. </returns>
Public static bool isName (string SQL)
{
// Create a database connection
SqlConnection con = createCon ();
// Open the database connection
Con. Open ();
// Create a SqlCommand object
SqlCommand com = new SqlCommand (SQL, con );
// Determine whether the data exists and return the corresponding Boolean Value
If (Convert. ToInt32 (com. ExecuteScalar ()> 0)
{
Return true;
}
Else
{
Return false;
}
}
/// <Summary>
/// Return the result that requires statistics
/// </Summary>
/// <Param name = "SQL"> SQL statement to be queried </param>
/// <Returns> return the integer variable, indicating the statistical result. </returns>
Public static int countData (string SQL)
{
// Create a database connection
SqlConnection con = createCon ();
// Open the database connection
Con. Open ();
// Create a SqlCommand object
SqlCommand com = new SqlCommand (SQL, con );
// Return the query result
Return Convert. ToInt32 (com. ExecuteScalar ());
}
/// <Summary>
/// Implement the user logon method, which can prevent SQL injection attacks
/// </Summary>
/// <Param name = "SQL"> SQL statement used for execution </param>
/// <Param name = "name"> User Logon name </param>
/// <Param name = "pass"> User Password </param>
/// <Returns> returns a Boolean value indicating whether the logon is successful. </returns>
Public static bool enter (string SQL, string name, string pass)
{
// Create a database connection
SqlConnection con = createCon ();
// Open the database connection
Con. Open ();
// Create a SqlCommand object
SqlCommand com = new SqlCommand (SQL, con );
// Set the parameter type
Com. Parameters. Add (new SqlParameter ("@ name", SqlDbType. VarChar, 20 ));
// Set the parameter value
Com. Parameters ["@ name"]. Value = name;
Com. Parameters. Add (new SqlParameter ("@ pass", SqlDbType. VarChar, 20 ));
Com. Parameters ["@ pass"]. Value = pass;
// Determine whether execution is successful
If (Convert. ToInt32 (com. ExecuteScalar ()> 0)
{
Return true;
}
Else
{
Return false;
}
}
/// <Summary>
/// Data query method, which returns a SqlDataReader object
/// </Summary>
/// <Param name = "SQL"> Method for executing an SQL statement </param>
/// <Returns> returns a SqlDataReader object </returns>
Public static SqlDataReader getRow (string SQL)
{
// Create a database connection
SqlConnection con = createCon ();
// Open the database connection
Con. Open ();
// Create a SqlCommand object
SqlCommand com = new SqlCommand (SQL, con );
// Obtain the SqlDataReader object returned by ExecuteReader
SqlDataReader sdr = com. ExecuteReader ();
Return sdr;
}
/// <Summary>
/// Set the display style of the time
/// </Summary>
/// <Param name = "str"> display time </param>
/// <Returns> return the modified time style </returns>
Public static string strDate (DateTime str)
{
// Set the display style of the time
Return str. ToLongDateString () + str. Hour + "Hour" + str. Minute + "Minute" + str. Second + "Second ";
}
/// <Summary>
/// Character filtering method
/// </Summary>
/// <Param name = "str"> string to be filtered </param>
/// <Returns> returns the filtered string </returns>
Public static string filtrateHtml (string str)
{
Str = str. Trim ();
Str = str. Replace ("'",""");
Str = str. Replace ("<", "<");
Str = str. Replace (">", "> ");
Str = str. Replace ("","");
Str = str. Replace ("\ n", "<br> ");
Return str;
}
/// <Summary>
/// Restore the string
/// </Summary>
/// <Param name = "str"> string to be restored </param>
/// <Returns> returns the restored string </returns>
Public static string resumeHtml (string str)
{
Str = str. Trim ();
Str = str. Replace (""","'");
Str = str. Replace ("<", "<");
Str = str. Replace (">", "> ");
Str = str. Replace ("","");
Str = str. Replace ("<br>", "\ n ");
Return str;
}
}