c#保存数据 使用事务和参数化 标准
SqlConnection cn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["wishConnectionString"].ConnectionString);
SqlTransaction ta = null;
try
{
cn.Open();
ta = cn.BeginTransaction();
SqlCommand cmd = new SqlCommand("insert into tbl_Question(course,question,point,ken,type,[delete]) values(@course,@question,@point,@ken,@type,@delete);select @id = scope_identity()", cn);
cmd.Transaction = ta;
cmd.Parameters.Add("@id", SqlDbType.Int).Direction = ParameterDirection.Output;
cmd.Parameters.AddWithValue("@course", Request.QueryString["course"]);
cmd.Parameters.AddWithValue("@question", txtQuestion.Text.Trim());
cmd.Parameters.AddWithValue("@point", dropPoint.SelectedValue);
cmd.Parameters.AddWithValue("@ken", dropKen.SelectedValue);
cmd.Parameters.AddWithValue("@type", Request.QueryString["type"]);
cmd.Parameters.AddWithValue("@delete", 0);
cmd.ExecuteNonQuery();
int id = (int)cmd.Parameters["@id"].Value;
cmd.Parameters.Clear();
cmd.CommandText = "insert into tbl_Answer([ID_Question], [Option], [iskey]) values(@id_Question, @option, @iskey)";
for (int i = 1; i <= 4; i++)
{
cmd.Parameters.AddWithValue("@id_Question", id);
cmd.Parameters.AddWithValue("@option", (Form.FindControl("txtAnswer" + i.ToString()) as TextBox).Text);
cmd.Parameters.AddWithValue("@iskey", (Form.FindControl("chkKey" + i.ToString()) as CheckBox).Checked);
cmd.ExecuteNonQuery();
cmd.Parameters.Clear();
}
ta.Commit();
lblMessage.Text = "添加成功!";
}
catch (Exception ex)
{
try
{
ta.Rollback();
}
catch (Exception exx)
{
lblMessage.Text = exx.Message;
}
lblMessage.Text = ex.Message;
}
finally
{
cn.Close();
}
SqlTransaction ta = null;
try
{
cn.Open();
ta = cn.BeginTransaction();
SqlCommand cmd = new SqlCommand("insert into tbl_Question(course,question,point,ken,type,[delete]) values(@course,@question,@point,@ken,@type,@delete);select @id = scope_identity()", cn);
cmd.Transaction = ta;
cmd.Parameters.Add("@id", SqlDbType.Int).Direction = ParameterDirection.Output;
cmd.Parameters.AddWithValue("@course", Request.QueryString["course"]);
cmd.Parameters.AddWithValue("@question", txtQuestion.Text.Trim());
cmd.Parameters.AddWithValue("@point", dropPoint.SelectedValue);
cmd.Parameters.AddWithValue("@ken", dropKen.SelectedValue);
cmd.Parameters.AddWithValue("@type", Request.QueryString["type"]);
cmd.Parameters.AddWithValue("@delete", 0);
cmd.ExecuteNonQuery();
int id = (int)cmd.Parameters["@id"].Value;
cmd.Parameters.Clear();
cmd.CommandText = "insert into tbl_Answer([ID_Question], [Option], [iskey]) values(@id_Question, @option, @iskey)";
for (int i = 1; i <= 4; i++)
{
cmd.Parameters.AddWithValue("@id_Question", id);
cmd.Parameters.AddWithValue("@option", (Form.FindControl("txtAnswer" + i.ToString()) as TextBox).Text);
cmd.Parameters.AddWithValue("@iskey", (Form.FindControl("chkKey" + i.ToString()) as CheckBox).Checked);
cmd.ExecuteNonQuery();
cmd.Parameters.Clear();
}
ta.Commit();
lblMessage.Text = "添加成功!";
}
catch (Exception ex)
{
try
{
ta.Rollback();
}
catch (Exception exx)
{
lblMessage.Text = exx.Message;
}
lblMessage.Text = ex.Message;
}
finally
{
cn.Close();
}