如何在单个SQL连接中运行多个SQL命令？

Question

我正在创建一个项目，我需要在单个sql连接中运行2-3个sql命令。 这里是我写的代码：

SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\v11.0;AttachDbFilename=|DataDirectory|\project.mdf;Integrated Security=True"); 
con.Open(); 
SqlCommand cmd = new SqlCommand("select * from " + mytags.Text + " ", con); 
SqlDataReader rd = cmd.ExecuteReader(); 
if (rd.Read()) 
{ 
    con.Close(); 
    con.Open(); 
    SqlCommand cmd1 = new SqlCommand("insert into " + mytags.Text + " values ('fname.lname@gmail.com','" + TextBox3.Text + "','" + TextBox4.Text + "','" + TextBox5.Text + "','"+mytags.Text+"')", con); 
    cmd1.ExecuteNonQuery(); 
    label.Visible = true; 
    label.Text = "Date read and inserted"; 
} 
else 
{ 
    con.Close(); 
    con.Open(); 
    SqlCommand cmd2 = new SqlCommand("create table " + mytags.Text + " (session VARCHAR(MAX) , Price int , Description VARCHAR(MAX), Date VARCHAR(20),tag VARCHAR(10))", con); 
    cmd2.ExecuteNonQuery(); 
    con.Close(); 
    con.Open(); 
    SqlCommand cmd3 = new SqlCommand("insert into " + mytags.Text + " values ('" + Session + "','" + TextBox3.Text + "','" + TextBox4.Text + "','" + TextBox5.Text + "','" + mytags.Text + "')", con); 
    cmd3.ExecuteNonQuery(); 
    label.Visible = true; 
    label.Text = "tabel created"; 
    con.Close(); 
} 

我试图删除错误，我得到了该连接不会else条件。请查看代码并建议是否有任何错误或其他解决方案。

Answer 1

只需更改SqlCommand.CommandText而不是每次创建新的SqlCommand。无需关闭并重新打开连接。

// Create the first command and execute 
var command = new SqlCommand("<SQL Command>", myConnection); 
var reader = command.ExecuteReader(); 

// Change the SQL Command and execute 
command.CommandText = "<New SQL Command>"; 
command.ExecuteNonQuery(); 

Answer 2

以下内容应该有效。保持单个连接一直打开，只需创建新命令并执行它们。

using (SqlConnection connection = new SqlConnection(connectionString)) 
{ 
    connection.Open(); 
    using (SqlCommand command1 = new SqlCommand(commandText1, connection)) 
    { 
    } 
    using (SqlCommand command2 = new SqlCommand(commandText2, connection)) 
    { 
    } 
    // etc 
} 

Answer 3

这很可能是通过SQL注入攻击的方式。这是值得的阅读，并相应地调整您的查询。

也许看看甚至为此创建一个存储过程，并使用类似sp_executesql的东西，当动态SQL是一个需求（即未知的表名等）时可以提供一些保护。欲了解更多信息，请查看this link。

Answer 4

我还没有测试过，但主要想法是：在每个查询上放置分号。

SqlConnection connection = new SqlConnection(); 
SqlCommand command = new SqlCommand(); 
connection.ConnectionString = connectionString; // put your connection string 
command.CommandText = @" 
    update table 
    set somecol = somevalue; 
    insert into someTable values(1,'test');"; 
command.CommandType = CommandType.Text; 
command.Connection = connection; 

try 
{ 
    connection.Open(); 
} 
finally 
{ 
    command.Dispose(); 
    connection.Dispose(); 
} 

更新： 你可以按照 Is it possible to have multiple SQL instructions in a ADO.NET Command.CommandText property?太

Answer 5

刚刚启用此属性在连接字符串中：

sqb.MultipleActiveResultSets = true;

这propperty alows多的DataReader

一个打开的连接

Answer 6

这里你可以找到Postgre例如，此代码单独的SQL连接

public static class SQLTest 
    { 
     public static void NpgsqlCommand() 
     { 
      using (NpgsqlConnection connection = new NpgsqlConnection("Server = ; Port = ; User Id = ; " + "Password = ; Database = ;")) 
      { 
       NpgsqlCommand command1 = new NpgsqlCommand("update xy set xw = 'a' WHERE aa='bb'", connection); 
       NpgsqlCommand command2 = new NpgsqlCommand("update xy set xw = 'b' where bb = 'cc'", connection); 
       command1.Connection.Open(); 
       command1.ExecuteNonQuery(); 
       command2.ExecuteNonQuery(); 
       command2.Connection.Close(); 
      } 
     } 
    }