我有一个接受搜索输入并使用它来查询数据库表的类。 然而,当我按下按钮并调用该类时,我看到它显示输入框中没有任何内容,并且只显示我的消息框消息,其中显示无效的搜索输入(未输入任何内容)。
我如何让类在正确的时间读取表单搜索文本框中的内容,以便它可以处理更多信息以继续其功能。
这是类的代码:
public static string s;
public static updateEmployeeForm uF = new updateEmployeeForm();
public static void selectAndDisplay()
{
if ((uF.textID.Text.Length==0))
{
MessageBox.Show("Enter valid input to search by");
}
else
{
try
{
if (uF.textID.Text.Length > 0)
{
s = "select * FROM mydb.employees WHERE id =" + int.Parse(uF.textID.Text);//declare variable called column that will contain a table column name set to be updated.
uF.colName = "id";
uF.updatingVar = uF.textID.Text;
uF.query4 = "Update mydb.employees SET name ='" + uF.nameTextBoxU.Text + "', surname='" + uF.surnameTextBoxU.Text + "', dept='" + uF.deptTextBoxU.Text + "', cost_center='" + uF.costCeTextBoxU.Text + "' ,address = '" + uF.addressTextBoxU.Text + "', dob= '" + uF.dobTextBoxU.Text + "', tel1= '" + uF.tel1TextBoxU.Text + "', tel2= '" + uF.tel2TextBoxU.Text + "' ,tel3= '" + uF.tel3TextBoxU.Text + "', email= '" + uF.emailTextBoxU.Text + "', commission= '" + uF.commTextBoxU.Text + "', total_commission= '" + uF.totalCommTextBoxU.Text + "', sick_leave= '" + uF.sickLTextBoxU.Text + "', annual_leave= '" + uF.annualLTextBoxU.Text + "', family_leave= '" + uF.familyLTextBoxU.Text + "', other_leave= '" + uF.otherLTextBoxU.Text + "',client_care_access='" + uF.clientCareChBox.Checked + "', sale_system_access='" + uF.StaffSystChBox.Checked + "', sale_system_access ='" + uF.SalesSystChBox.Checked + "', uploads_access='" + uF.UploadsChBox.Checked + "' WHERE id= '" + uF.updatingVar + "';";
}
else if (uF.idNumSearchTxtBox.Text.Length > 0)
{
s = "select * FROM mydb.employees WHERE id_num ='" + uF.idNumSearchTxtBox.Text + "';";
uF.colName = "id_num";
uF.updatingVar = uF.idNumSearchTxtBox.Text;
uF.query4 = "Update mydb.employees SET name ='" + uF.nameTextBoxU.Text + "', surname='" + uF.surnameTextBoxU.Text + "', dept='" + uF.deptTextBoxU.Text + "', cost_center='" + uF.costCeTextBoxU.Text + "' ,address = '" + uF.addressTextBoxU.Text + "', dob= '" + uF.dobTextBoxU.Text + "', tel1= '" + uF.tel1TextBoxU.Text + "', tel2= '" + uF.tel2TextBoxU.Text + "' ,tel3= '" + uF.tel3TextBoxU.Text + "', email= '" + uF.emailTextBoxU.Text + "', commission= '" + uF.commTextBoxU.Text + "', total_commission= '" + uF.totalCommTextBoxU.Text + "', sick_leave= '" + uF.sickLTextBoxU.Text + "', annual_leave= '" + uF.annualLTextBoxU.Text + "', family_leave= '" + uF.familyLTextBoxU.Text + "', other_leave= '" + uF.otherLTextBoxU.Text + "',client_care_access='" + uF.clientCareChBox.Checked + "', sale_system_access='" + uF.StaffSystChBox.Checked + "', sale_system_access ='" + uF.SalesSystChBox.Checked + "', uploads_access='" + uF.UploadsChBox.Checked + "' WHERE id_num= '" + uF.updatingVar + "';";
}
else if (uF.nameSearchTextBox.Text.Length > 0)
{
s = "select * FROM mydb.employees WHERE name ='" + uF.nameSearchTextBox.Text + "';";
uF.colName = "name";
uF.updatingVar = uF.nameSearchTextBox.Text;
uF.query4 = "Update mydb.employees SET name ='" + uF.nameTextBoxU.Text + "', surname='" + uF.surnameTextBoxU.Text + "', dept='" + uF.deptTextBoxU.Text + "', cost_center='" + uF.costCeTextBoxU.Text + "' ,address = '" + uF.addressTextBoxU.Text + "', dob= '" + uF.dobTextBoxU.Text + "', tel1= '" + uF.tel1TextBoxU.Text + "', tel2= '" + uF.tel2TextBoxU.Text + "' ,tel3= '" + uF.tel3TextBoxU.Text + "', email= '" + uF.emailTextBoxU.Text + "', commission= '" + uF.commTextBoxU.Text + "', total_commission= '" + uF.totalCommTextBoxU.Text + "', sick_leave= '" + uF.sickLTextBoxU.Text + "', annual_leave= '" + uF.annualLTextBoxU.Text + "', family_leave= '" + uF.familyLTextBoxU.Text + "', other_leave= '" + uF.otherLTextBoxU.Text + "',client_care_access='" + uF.clientCareChBox.Checked + "', sale_system_access='" + uF.StaffSystChBox.Checked + "', sale_system_access ='" + uF.SalesSystChBox.Checked + "', uploads_access='" + uF.UploadsChBox.Checked + "' WHERE name= '" + uF.updatingVar + "';";
}
else if (uF.surnameSearchTextBox.Text.Length > 0)
{
s = "select * FROM mydb.employees WHERE surname ='" + uF.surnameSearchTextBox.Text + "';";
uF.colName = "surname";
uF.updatingVar = uF.surnameSearchTextBox.Text;
uF.query4 = "Update mydb.employees SET name ='" + uF.nameTextBoxU.Text + "', surname='" + uF.surnameTextBoxU.Text + "', dept='" + uF.deptTextBoxU.Text + "', cost_center='" + uF.costCeTextBoxU.Text + "' ,address = '" + uF.addressTextBoxU.Text + "', dob= '" + uF.dobTextBoxU.Text + "', tel1= '" + uF.tel1TextBoxU.Text + "', tel2= '" + uF.tel2TextBoxU.Text + "' ,tel3= '" + uF.tel3TextBoxU.Text + "', email= '" + uF.emailTextBoxU.Text + "', commission= '" + uF.commTextBoxU.Text + "', total_commission= '" + uF.totalCommTextBoxU.Text + "', sick_leave= '" + uF.sickLTextBoxU.Text + "', annual_leave= '" + uF.annualLTextBoxU.Text + "', family_leave= '" + uF.familyLTextBoxU.Text + "', other_leave= '" + uF.otherLTextBoxU.Text + "',client_care_access='" + uF.clientCareChBox.Checked + "', sale_system_access='" + uF.StaffSystChBox.Checked + "', sale_system_access ='" + uF.SalesSystChBox.Checked + "', uploads_access='" + uF.UploadsChBox.Checked + "' WHERE surname= '" + uF.updatingVar + "';";
}
这里是调用它的代码,我调用它的形式是:
private void btnSearch_Click(object sender, EventArgs e)
{
updatingDatareadingClass.selectAndDisplay();
}
最佳答案
您正在创建表单的新实例,而不是使用原始实例(将存储输入值的地方)。
您可以使用原始文本框值 textID.Text 或通过执行以下操作确保显示您的 uF 表单:
uf.Show(); // This will then allow you to use `uF.textID.Text` correctly.
您还应该阅读 SQL 注入(inject),因为您的表单是可注入(inject)的,例如,用户可以输入他们的名字 test 或 1 = 1,这将允许访问您的应用程序,甚至更糟, DROP TABLE mydb.employees; 这将删除您的整个员工表。
关于c# - 上课时不阅读按钮单击时输入的表单,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32165340/