时间戳

首页 > 解决方案 > 检查数据库是否存在 MSSQL C#

c# - 检查数据库是否存在 MSSQL C#

问题描述

我有这样的代码:

private bool CheckDatabase(string databaseName, bool bRet)
    {
        string connString = "Server=localhost\\SQLEXPRESS;Integrated Security=SSPI;database=master";
        string cmdText = "select * from master.dbo.sysdatabases where name=\'" + databaseName + "\'";



        using (SqlConnection sqlConnection = new SqlConnection(connString))
        {
            sqlConnection.Open();
            using (SqlCommand sqlCmd = new SqlCommand(cmdText, sqlConnection))
            {
                int nRet = sqlCmd.ExecuteNonQuery();
                // regMessage.Text = nRet.ToString();
                if (nRet <= 0)
                {
                    bRet = false;
                }
                else
                {
                    bRet = true;
                }
            }
        }
        return bRet;
    }

然而

nRet

结果总是-1,好像数据库不存在(它确实存在)。是因为数据库是空的吗?或者如果创建了数据库,它是否应该返回 >0,即使它是空的?顺便说一句,字符串 databaseName 是正确的。

编辑>编辑:我在“CREATE DATABASE @database”ssql命令上也遇到了stage错误:

'@userDatabase' 附近的语法不正确

代码是这样的:

    var connString = "Server=localhost\\SQLEXPRESS;Integrated Security = SSPI; database = master";
                string cmdText = "CREATE DATABASE @userDatabase";
                using (var sqlConnection = new SqlConnection(connString))
                {
                    using (var sqlCmd = new SqlCommand(cmdText, sqlConnection))
                    {
                        sqlCmd.Parameters.Add("@userDatabase", System.Data.SqlDbType.NVarChar).Value = databaseName;=
                        sqlConnection.Open();
                        sqlCmd.ExecuteNonQuery();
                    }
                }

标签: c#sqlsql-serverdatabaseuwp

解决方案

  1. 使用参数化查询。
  2. 使用Select count(*)而不是Select *.
  3. 使用ExecuteScalar代替ExecuteNonQuery
  4. 请注意代码上的注释,它们解释了我所做的更改。
// No point of passing a bool if all you do is return it...
private bool CheckDatabase(string databaseName)
{
    // You know it's a string, use var
    var connString = "Server=localhost\\SQLEXPRESS;Integrated Security=SSPI;database=master";
    // Note: It's better to take the connection string from the config file.

    var cmdText = "select count(*) from master.dbo.sysdatabases where name=@database";

    using (var sqlConnection = new SqlConnection(connString))
    {
        using (var sqlCmd = new SqlCommand(cmdText, sqlConnection))
        {
            // Use parameters to protect against Sql Injection
            sqlCmd.Parameters.Add("@database", System.Data.SqlDbType.NVarChar).Value = databaseName;

            // Open the connection as late as possible
            sqlConnection.Open();
            // count(*) will always return an int, so it's safe to use Convert.ToInt32
            return Convert.ToInt32( sqlCmd.ExecuteScalar()) == 1;
        }
    }

}

推荐阅读