public int ExecuteSql(string TableName, string[] ColNames, string[] ColValues) { string SQL1, SQL2; if (ColNames.Length != ColValues.Length) { return(0); } try { con.Open(); SqlCommand cmd = new SqlCommand(); SQL1 = ""; SQL2 = ""; for (int i = 0; i < ColNames.Length; i++) { if (SQL1.ToString() == "") { SQL1 = ColNames[i].ToString(); SQL2 = "@" + ColNames[i].ToString(); } else { SQL1 = SQL1 + ", " + ColNames[i].ToString(); SQL2 = SQL2 + ", " + "@" + ColNames[i].ToString(); } // add parameter value cmd.Parameters.AddWithValue("@" + ColNames[i], ColValues[i]); // (@param name, value) } string strCommand = "Insert into " + TableName + " ( " + SQL1 + " ) " + " VALUES ( " + SQL2 + " )"; cmd.CommandText = strCommand; cmd.Connection = con; return(cmd.ExecuteNonQuery()); } catch (Exception ex) { return(0); } finally { con.Close(); } }
public string SaveDataSimple(string TableName, string[] ColNames, string[] ColValues) { string SQL; string SQL1, SQL2; try { con.Open(); //SqlConnection con = new SqlConnection(); //conn.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["ConnectionString1"].ConnectionString; SqlCommand cmd = new SqlCommand(); SQL1 = ""; SQL2 = ""; for (int i = 0; i < ColNames.Length; i++) { if (SQL1.ToString() == "") { SQL1 = ColNames[i].ToString(); SQL2 = "@" + ColNames[i].ToString(); } else { SQL1 = SQL1 + ", " + ColNames[i].ToString(); SQL2 = SQL2 + ", " + "@" + ColNames[i].ToString(); } // add parameter value cmd.Parameters.AddWithValue("@" + ColNames[i], ColValues[i]); // (@param name, value) } string strCommand = "Insert into " + TableName + " ( " + SQL1 + " ) " + " VALUES ( " + SQL2 + " )"; cmd.CommandText = strCommand; cmd.Connection = con; cmd.ExecuteNonQuery(); return("1"); } catch (Exception ex) { return("0"); } finally { con.Close(); } }