Write a, App.config general configuration file
<? Xml Version = "1.0" encoding = "UTF-8"?>
<The Configuration>
<the Startup>
<supportedRuntime Version = "v4.0" SKU =. ".NET Framework, Version = V4 .6 "/>
</ Startup>
// least skeleton code is generated automatically .net, generally without modification, as the database to be accessed by
<the connectionStrings>
<the Add name =" sqlcon "the connectionString =" Server = LAPTOP- I6FTHU4E \ SQLEXPRESS; the DataBase = smdb; Uid = SA; Pwd = mrc36286823;. "/>
</ the connectionStrings>
</ Configuration>
二、通用数据库访问类代码
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;
namespace DAL.Helper
{
public class SQLHelper
{
private static string connString = ConfigurationManager.ConnectionStrings["sqlcon"].ToString();
#region simplicity of preparation of the program, program execution inefficiencies easily "injection attack" universal data access class
/// <Summary>
/// add, delete, change
/// </ Summary>
/// <param name = "sql statement"> </ param>
/// <Returns> </ Returns>
public static int Updata (String SQL)
{
the SqlConnection the SqlConnection Conn new new = (connString);
the SqlCommand the SqlCommand cmd = new new (SQL, Conn);
try
{
conn.Open();
return cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
throw ex;
}
finally
{
conn.Close();
}
}
/// <summary>
/// 返回单一结果查询
/// </summary>
/// <param name="sql"></param>
/// <returns></returns>
public static object GetSingleResult(string sql)
{
SqlConnection conn = new SqlConnection(connString);
SqlCommand cmd = new SqlCommand(sql, conn);
try
{
conn.Open();
return cmd.ExecuteScalar();
}
catch (Exception ex)
{
throw ex;
}
finally
{
conn.Close();
}
}
/// <summary>
/// 返回结果集查询
/// </summary>
/// <param name="sql"></param>
/// <returns></returns>
public static SqlDataReader GetReader(string sql)
{
SqlConnection conn = new SqlConnection(connString);
SqlCommand cmd = new SqlCommand(sql, conn);
try
{
conn.Open();
SqlDataReader objReader = cmd.ExecuteReader(CommandBehavior.CloseConnection);
return objReader;
}
catch (Exception ex)
{
throw ex;
}
}
#endregion
Universal Data Access Class #region with array parameters, can effectively prevent the "injection attacks"
/// <Summary>
General Method Updata with array parameters ///
/// </ Summary>
/// <param name = " sql statement "> </ param>
/// <param name =" parameter array package "> </ param>
/// <Returns> </ Returns>
public static int UpdataByPara (String sql, the SqlParameter [] parameters)
{
the SqlConnection the SqlConnection = new new Conn (connString);
the SqlCommand the SqlCommand cmd = new new (SQL, Conn);
the try
{
conn.Open ();
cmd.Parameters.AddRange (Parameters);
return the cmd.ExecuteNonQuery ();
}
catch (Exception ex)
{
throw ex;
}
finally
{
conn.Close();
}
}
#endregion
#region generic data call access class database stored procedure, the program execution efficiency, good prevent "injection attacks"
/// <Summary>
/// method call Updata general database stored procedure
/// </ Summary>
/ // <param name = "name stored procedure"> </ param>
/// <param name = "parameter array package"> </ param>
/// <Returns> </ Returns>
public static int UpdataByProcedure (String procedureName , the SqlParameter [] Parameters)
{
the SqlConnection the SqlConnection Conn new new = (connString);
the SqlCommand the SqlCommand cmd = new new ();
the try
{
conn.Open ();
cmd.Connection = Conn;
// declare the current call is stored procedure
= CommandType.StoredProcedure cmd.CommandType;
// name of the stored procedure
cmd.CommandText = procedureName;
// add input parameters
cmd.Parameters.AddRange (Parameters);
int the cmd.ExecuteNonQuery Result = ();
return Result;
}
the catch (Exception EX )
{
EX the throw;
}
the finally
{
conn.Close ();
}
}
/// <Summary>
/// method call GetSingleResult general database stored procedure
/// </ Summary>
/// <param name = "name stored procedure" > </ param>
/// <param name = "parameter array package"> </ param>
/// <Returns> </ Returns>
public static Object GetSingleResultByProcedure (String procedureName, the SqlParameter [] parameters)
{
the SqlConnection new new Conn = the SqlConnection (connString);
the SqlCommand the SqlCommand cmd = new new ();
try
{
conn.Open ();
cmd.Connection = conn;
// declare the current call is a stored procedure
cmd.CommandType = CommandType.StoredProcedure;
// stored procedure name
cmd.CommandText = procedureName;
// add an input parameter
cmd.Parameters.AddRange (Parameters);
Object cmd.ExecuteScalar Result = ();
return Result;
}
the catch (Exception EX)
{
throw ex;
}
finally
{
conn.Close();
}
}
/// <summary>
General GetReader /// method call to the database stored procedure
/// </ Summary>
/// <param name = "name stored procedure"> </ param>
/// <param name = "Array packaging parameters "> </ param>
/// <Returns> </ Returns>
public static GetReaderByProcedure the SqlDataReader (String procedureName, the SqlParameter [] parameters)
{
the SqlConnection the SqlConnection Conn new new = (connString);
the SqlCommand the SqlCommand cmd = new new ();
the try
{
conn.Open ();
cmd.Connection = Conn;
// declare the current call is a stored procedure
cmd.CommandType = CommandType.StoredProcedure;
// the name of the stored procedure
cmd.CommandText = procedureName;
// add input parameters
cmd.Parameters.AddRange (parameters);
SqlDataReader objReader = cmd.ExecuteReader(CommandBehavior.CloseConnection);
return objReader;
}
catch (Exception ex)
{
conn.Close();
throw ex;
}
}
#endregion
}
}