sqlhelper类的写法

SQLHelper类总结
  • 从内容上来看,主要编写两方面内容。一是对数据库“增删改”的操作:对这类操作,我们最终关心的是是否对数据库产生了影响,换句话说,只需要返回受影响的行数。二是对数据库的“查询”操作,可以返回合适类型的数据,以便前台使用。
  • 从参数形式上来看,主要分为带参数和不带参数的“增删查改”。其中带参数的写法通过 SqlParameter 传值,用于防止 SQL 注入。

using System;
using System.Collections.Generic;
using System.Text;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;//添加了对其外部的web.config操作的类库

namespace DAL
{
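    /// <summary>
    /// Small ADO.NET helper for the data-access layer. It offers two groups of
    /// operations: insert/update/delete commands that return the number of
    /// affected rows, and queries that return a <see cref="DataTable"/>.
    /// Each group has an overload with and without <see cref="SqlParameter"/>s.
    /// </summary>
    /// <remarks>
    /// One instance owns one <see cref="SqlConnection"/>, opened on demand and
    /// closed again after every call. The instance is not safe to share between
    /// threads or requests: create one helper per unit of work.
    /// </remarks>
    public class SQLHelper
    {
        // The single connection used by every call on this instance.
        private readonly SqlConnection conn;

        /// <summary>
        /// Builds the helper from the "connStr" entry of the
        /// &lt;connectionStrings/&gt; section of web.config, so the connection can be
        /// changed without rebuilding the DAL assembly.
        /// </summary>
        /// <exception cref="ConfigurationErrorsException">
        /// The "connStr" entry is missing or empty.
        /// </exception>
        public SQLHelper()
        {
            // The connection string usually carries database credentials: keep it in
            // configuration (ideally an encrypted section), never in source, and never
            // echo its value in error messages. The account it names should hold only
            // the permissions the application needs.
            ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings["connStr"];
            if (settings == null || string.IsNullOrEmpty(settings.ConnectionString))
            {
                throw new ConfigurationErrorsException(
                    "Connection string 'connStr' is missing from the <connectionStrings> section.");
            }

            conn = new SqlConnection(settings.ConnectionString);
        }

        /// <summary>
        /// Returns the shared connection, opening it first when it is closed.
        /// </summary>
        private SqlConnection GetConn()
        {
            if (conn.State == ConnectionState.Closed)
            {
                conn.Open();
            }

            return conn;
        }

        /// <summary>
        /// Closes the shared connection if it is not already closed.
        /// </summary>
        private void CloseConn()
        {
            if (conn.State != ConnectionState.Closed)
            {
                conn.Close();
            }
        }

        /// <summary>
        /// Creates a command on the shared connection and attaches the parameters, if any.
        /// </summary>
        private SqlCommand CreateCommand(string cmdText, SqlParameter[] paras, CommandType ct)
        {
            SqlCommand command = new SqlCommand(cmdText, GetConn());
            command.CommandType = ct;

            // A null or empty array simply means "no parameters".
            if (paras != null && paras.Length > 0)
            {
                command.Parameters.AddRange(paras);
            }

            return command;
        }

        /// <summary>
        /// Detaches the parameters, disposes the command and closes the connection.
        /// </summary>
        private void Release(SqlCommand command)
        {
            try
            {
                if (command != null)
                {
                    // Detach the parameters so the caller can reuse the same SqlParameter
                    // objects on a later command; a parameter may belong to only one
                    // collection at a time.
                    command.Parameters.Clear();
                    command.Dispose();
                }
            }
            finally
            {
                CloseConn();
            }
        }

        /// <summary>
        /// Executes an insert/update/delete statement or stored procedure that takes no parameters.
        /// </summary>
        /// <param name="cmdText">SQL statement or stored procedure name.</param>
        /// <param name="ct">How <paramref name="cmdText"/> is interpreted (text or stored procedure).</param>
        /// <returns>The number of rows affected.</returns>
        /// <remarks>
        /// SECURITY: <paramref name="cmdText"/> is sent to the server as written. Pass only
        /// constant, application-defined text here. Anything that includes user-supplied
        /// values must go through the overload that takes <see cref="SqlParameter"/>s.
        /// </remarks>
        public int ExecuteNonQuery(string cmdText, CommandType ct)
        {
            return ExecuteNonQuery(cmdText, null, ct);
        }

        /// <summary>
        /// Executes a parameterized insert/update/delete statement or stored procedure.
        /// </summary>
        /// <param name="cmdText">SQL statement (with @name placeholders) or stored procedure name.</param>
        /// <param name="paras">Parameter values; may be null or empty.</param>
        /// <param name="ct">How <paramref name="cmdText"/> is interpreted (text or stored procedure).</param>
        /// <returns>The number of rows affected.</returns>
        /// <remarks>
        /// Values passed in <paramref name="paras"/> are transmitted as data, so a value
        /// that contains quote characters and SQL keywords is stored as text instead of
        /// being executed. That protection covers the values only:
        /// <paramref name="cmdText"/> itself must still not be assembled from user input,
        /// and a stored procedure that builds dynamic SQL from its arguments needs its
        /// own review.
        /// </remarks>
        public int ExecuteNonQuery(string cmdText, SqlParameter[] paras, CommandType ct)
        {
            SqlCommand command = null;
            try
            {
                command = CreateCommand(cmdText, paras, ct);
                return command.ExecuteNonQuery();
            }
            finally
            {
                // Always runs, so a failing statement cannot leave the connection open.
                // Exceptions propagate unchanged, with their original stack trace.
                Release(command);
            }
        }

        /// <summary>
        /// Runs a query or stored procedure that takes no parameters.
        /// </summary>
        /// <param name="cmdText">SQL query or stored procedure name.</param>
        /// <param name="ct">How <paramref name="cmdText"/> is interpreted (text or stored procedure).</param>
        /// <returns>A <see cref="DataTable"/> loaded with the result set.</returns>
        /// <remarks>
        /// SECURITY: <paramref name="cmdText"/> is sent to the server as written. Pass only
        /// constant, application-defined text here. Queries that depend on user-supplied
        /// values must go through the overload that takes <see cref="SqlParameter"/>s.
        /// To call a stored procedure, pass its name with
        /// <see cref="CommandType.StoredProcedure"/>.
        /// </remarks>
        public DataTable ExecuteQuery(string cmdText, CommandType ct)
        {
            return ExecuteQuery(cmdText, null, ct);
        }

        /// <summary>
        /// Runs a parameterized query or stored procedure.
        /// </summary>
        /// <param name="cmdText">SQL query (with @name placeholders) or stored procedure name.</param>
        /// <param name="paras">Parameter values; may be null or empty.</param>
        /// <param name="ct">How <paramref name="cmdText"/> is interpreted (text or stored procedure).</param>
        /// <returns>A <see cref="DataTable"/> loaded with the result set.</returns>
        public DataTable ExecuteQuery(string cmdText, SqlParameter[] paras, CommandType ct)
        {
            DataTable table = new DataTable();
            SqlCommand command = null;
            try
            {
                command = CreateCommand(cmdText, paras, ct);

                // CloseConnection ties the connection's lifetime to the reader on the
                // normal path; Release below covers the case where ExecuteReader throws.
                using (SqlDataReader reader = command.ExecuteReader(CommandBehavior.CloseConnection))
                {
                    table.Load(reader);
                }
            }
            finally
            {
                Release(command);
            }

            return table;
        }
    }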
}

