C#INSERT TO访问数据库创建2个数据库条目而不是1

Question

我已经创建了一个C#程序,用于将数据插入Access数据库,其中包含一些众所周知的代码.

每次运行代码时,我都会在数据库中获得两个条目

namespace Quotes
{
public partial class QuotesForm : Form
{
    private OleDbConnection quotescon;
    private OleDbCommand oledbcmd = new OleDbCommand();
    private string connect = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=H:\Quotes.mdb;Persist Security Info=False";

    public QuotesForm()
    {
        quotescon = new OleDbConnection(connect);
        InitializeComponent();
    }

    private void btn_insert_Click(object sender, EventArgs e)
    {
        int quote = Convert.ToInt32(txtb_Quotenumber.Text);
        quotescon.Open();
        oledbcmd.Connection = quotescon;
        oledbcmd.CommandText = "insert into table1 ([Quote number], Account, Made, Approved) values ('" + quote + "','" + this.txtb_name.Text + "','" + this.date_created.Text + "','" + this.comboBox1.Text +"');";
        oledbcmd.ExecuteNonQuery();
        int temp = oledbcmd.ExecuteNonQuery();
        if(temp > 0)
        {
            txtb_Quotenumber.Text = null;
            txtb_name.Text = null;
            MessageBox.Show("Entry has been Successfuly Added to Database","Data Added",MessageBoxButtons.OK,MessageBoxIcon.Information);
        }
        else
        {
            MessageBox.Show("Data entry has not been added Successfuly, Please try again", "Failed To add Data", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
        quotescon.Close();

    }

Answer 1

因为你执行了两次命令.

一个用

oledbcmd.ExecuteNonQuery();

和另一个

int temp = oledbcmd.ExecuteNonQuery();

只需删除第一个.

从SqlCommand.ExecuteNonQuery方法

对连接执行 Transact-SQL语句并返回受影响的行数.

但更重要的是,您应该始终使用参数化查询.这种字符串连接对SQL注入攻击是开放的.

并使用using声明来处理你OleDbConnection和OleDbCommand.

using(OleDbConnection quotescon = new OleDbConnection(connect))
using(OleDbCommand oledbcmd= con.CreateCommand())
{
    oledbcmd.CommandText = @"insert into table1 ([Quote number], Account, Made, Approved)
                            values(?, ?, ?, ?)";
    oledbcmd.Parameters.AddWithValue("@number", quote);
    oledbcmd.Parameters.AddWithValue("@account", this.txtb_name.Text);
    oledbcmd.Parameters.AddWithValue("@made", this.date_created.Text);
    oledbcmd.Parameters.AddWithValue("@approved", this.comboBox1.Text);
    int temp = oledbcmd.ExecuteNonQuery();

    if(temp > 0)
    {
        txtb_Quotenumber.Text = null;
        txtb_name.Text = null;
        MessageBox.Show("Entry has been Successfuly Added to Database","Data Added",MessageBoxButtons.OK,MessageBoxIcon.Information);
    }
    else
    {
        MessageBox.Show("Data entry has not been added Successfuly, Please try again", "Failed To add Data", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}