Question

每个表中的列名必须唯一。表“ Sales”中的列名“ Delivery”被多次指定。

我该如何解决？我得到一个System.Data.SqlClient.SqlException。

class DataAccess
{
    string ConnectionString;

    public DataAccess()
    {
        ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["CafeteriaDBConnectionString"].ConnectionString;
    }        



    public bool RecordASale(ArrayList ProductsList, DateTime SaleTime, int SalesmanID, decimal CashGiven, decimal TotalBill, decimal CashReturn, string Delivery)
    {
        int SaleID = ReturnSaleID();

        using (SqlConnection connection = new SqlConnection(ConnectionString))
        {
            connection.Open();
            using (SqlCommand command = new SqlCommand("alter table [Sales] add [Delivery] varchar default 5 NOT NULL"))
            {
                command.Connection = connection;
                command.ExecuteNonQuery();
            }
        }

        using (SqlConnection connection = new SqlConnection(ConnectionString))
        {
            connection.Open();

            /*Start a local transaction*/
            SqlTransaction sqlTran = connection.BeginTransaction();

            /*Enlist a command in the current transaction*/
            SqlCommand command = connection.CreateCommand();
            command.Transaction = sqlTran;

            try
            {
                // Execute separate commands.
                command.Parameters.AddWithValue("@SaleTime", SaleTime);
                command.Parameters.AddWithValue("@SalesmanID", SalesmanID);
                command.Parameters.AddWithValue("@CashGiven", CashGiven);
                command.Parameters.AddWithValue("@TotalBill", TotalBill);
                command.Parameters.AddWithValue("@CashReturn", CashReturn);
                /*command.Parameters.AddWithValue("@Delivery", Delivery);*/

                command.CommandText =
                   "Insert into Sales (SaleTime, SalesmanID, CashGiven, TotalBill, CashReturn, Delivery) values (@SaleTime, @SalesmanID, @CashGiven, @TotalBill, @CashReturn, @Delivery)";
                command.ExecuteNonQuery();

                foreach (Details ProductDetail in ProductsList)
                {
                    //// Execute separate commands.
                    //command.Parameters.AddWithValue("@ProductName", ProductDetail.Name);
                    //command.Parameters.AddWithValue("@ProductPrice", ProductDetail.Price);
                    //command.Parameters.AddWithValue("@ProductQuantity", ProductDetail.Quantity);
                    //command.Parameters.AddWithValue("@ProductTotal", ProductDetail.Total);
                    //command.Parameters.AddWithValue("@SaleID", SaleID);

                    command.CommandText =
                       "Insert into SaleItems (ProductName, ProductPrice, ProductQuantity, ProductTotal, SaleID) values ('" + ProductDetail.Name + "', '" + ProductDetail.Price + "', '" + ProductDetail.Quantity + "', '" + ProductDetail.Total + "', '" + SaleID + "')";
                    command.ExecuteNonQuery();
                }

                // Commit the transaction.
                sqlTran.Commit();

                //connection.Close();

                return true;
            }
            catch (Exception ee)
            {
                throw ee;
            }
        }
    }

Answer 1

如果要在将列添加到数据表中之前检查其是否存在，则应以这种方式更改代码

 string sql = @"if NOT exists(SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS 
                    WHERE Column_Name = 'Delivery' AND Table_Name = 'Sales')  
                    ALTER TABLE Sales ADD Delivery VARCHAR DEFAULT 5 NOT NULL";
 using (SqlCommand command = new SqlCommand(sql))
 {
      command.Connection = connection;
      command.ExecuteNonQuery();
 }

这样，只有在INFORMATION_SCHEMA.COLUMNS上的查询未返回值时，才会执行将“交货”列添加到表Sales中的操作

我现在还注意到，您正在构建将字符串连接在一起的INSERT命令。这是一个众所周知的安全性问题，您可以学习搜索如何将其用于Sql Injection

此外，如果SalesID列是“身份”列，则不应尝试在sql查询中为其传递值

每个表中的列名必须是唯一的例外

1 个答案: