Step one: the login form
Click the button in the lower-right corner to show the author-information form
The username is the teacher's staff number; to keep things simple here it is an 8-digit number, 20181101
When the entered user does not exist
When the password is wrong
The Teacher table in the database holds just one row
After a successful login, the personal information is displayed
Based on the account entered at login, the matching row is looked up, converted into a Teacher object, passed to the main form and displayed there. The button in the lower-right corner has no real function; the corner looked too empty, so a button was placed there.
Entering the student management page
The Student table holds just these three rows
Adding a student
To delete, simply select the row and delete
If no row is selected, a prompt asks you to select one
Editing a student
Likewise, if the row to be edited is not selected, a prompt asks you to select one
Once a row is selected, the selected student's information is passed as an object to the edit form, which loads it together with the form
Searching for students
Fuzzy search by student number or name
Searching for students surnamed Zhang (張)
When nothing is found
Course management
The right-hand table shows the courses this teacher offers; the left-hand table shows the students enrolled in those courses.
To add a course, type the course number and course name into the text boxes in the lower-right corner; a Course object is created from the teacher's ID and college and inserted into the table. To delete a course, select the row and delete.
The grade table on the left uses paged queries, showing 16 rows per page by default; obviously the table holds fewer than 16 rows. Student grades can be edited directly in this table, and the grade in the database table is updated accordingly; a prompt appears only when the update fails. The two buttons at the bottom are previous page and next page; the text between them shows the current page, the total number of pages and the total number of records.
Here I changed the grade for Data Structures and Algorithms to 98.
Editing personal information
When this page loads, the personal information is loaded along with it.
Changing the picture: currently only .png and .jpg images may be uploaded
This is to prevent a user from uploading a video, a text file or some other kind of file. Here I choose the student.png inside that folder.
Click OK
Back on the personal-information screen, the image just uploaded is shown
That one is the default student image, so I switch back to the original image
Click "Change password"
Keyboard input is also supported
The screenshot tool conflicts somewhat with this on-screen keyboard: once the keyboard is opened, clicking the screenshot tool makes the keyboard disappear, so a phone photo is used here.
Settings
I did not know what to put here; complex features were beyond reach, so an image was simply placed here
Hiding the left menu bar is also supported
Selected code
The stored procedure that implements paging
create proc [dbo].[usp_getStudentScoreByPage]
    @pageSize int = 16,           -- records per page
    @pageIndex int = 1,           -- which page of records to view
    @TID varchar(11),             -- teacher ID
    @recordCount int output,      -- total number of records
    @pageCount int output         -- total number of pages
as
begin
    select StudentID, StudentName, CName, Score, CID from
    (select s.StudentID, s.StudentName, c.CName, sg.Score, c.CID,
            rn = ROW_NUMBER() over (order by AutoID asc)
     from Student_Grade as sg
     inner join Student as s on s.StudentID = sg.SID
     inner join Course as c on c.CID = sg.CID
     where sg.CID in (select Course.CID from Course where Teacher = @TID)) as sc
    -- ROW_NUMBER() starts at 1, so page N covers rows (N-1)*size+1 .. N*size;
    -- a lower bound of (N-1)*size would repeat the last row of the previous page
    where sc.rn between (@pageIndex - 1) * @pageSize + 1 and @pageIndex * @pageSize
    -- compute the total number of records, counting only this teacher's courses
    -- so that the page count matches the rows the query above can return
    set @recordCount = (select count(*) from Student_Grade
                        where CID in (select Course.CID from Course where Teacher = @TID))
    -- compute the total number of pages
    set @pageCount = CEILING(@recordCount * 1.0 / @pageSize)
end
Data access layer for the Teacher table
using EAM.Model;
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Drawing;

namespace EAM.DAL
{
    public class TeacherDAL
    {
        /// <summary>
        /// Look up a user by the entered username
        /// </summary>
        /// <param name="ID">username</param>
        /// <returns>user object, or null if not found</returns>
        public Teacher GetTeacherInfo(string ID)
        {
            string sql = "select * from Teacher where TID=@Id";
            SqlParameter pms = new SqlParameter("@Id", SqlDbType.VarChar, 11) { Value = ID };
            DataTable dt = SqlHelper.ExecuteDataTable(sql, CommandType.Text, pms);
            Teacher teacher = null;
            if (dt.Rows.Count > 0)
            {
                teacher = RowToTeacherInfo(dt.Rows[0]);
            }
            return teacher;
        }

        // Convert the row that was found into an object
        private Teacher RowToTeacherInfo(DataRow dr)
        {
            Teacher tea = new Teacher();
            tea.TID = dr["TID"].ToString();
            tea.PassWord = dr["PassWord"].ToString();
            tea.TName = dr["TName"].ToString();
            tea.TGender = (Convert.ToBoolean(dr["TGender"])) ? "男" : "女";
            tea.Birthday = Convert.ToDateTime(dr["Birthday"]);
            tea.AdmissionTime = Convert.ToDateTime(dr["AdmissionTime"]);
            tea.Departments = dr["Departments"].ToString();
            tea.TSalary = Convert.ToDecimal(dr["TSalary"]);
            tea.Address = dr["Address"].ToString();
            if (!dr.IsNull("Image"))
            {
                byte[] imageByte = (byte[])dr["Image"];
                // The stream must outlive the Bitmap built from it, so it is deliberately not disposed here
                MemoryStream stream = new MemoryStream(imageByte);
                tea.Image = new Bitmap(stream);
            }
            return tea;
        }

        /// <summary>
        /// Edit teacher information
        /// </summary>
        /// <param name="t">teacher object</param>
        /// <returns>number of rows affected, 0 on error</returns>
        public int EditTeacher(Teacher t)
        {
            // The key is bound as the @ID parameter instead of being concatenated into the WHERE clause
            string sql = "update Teacher set TName=@name,TGender=@gender,Birthday=@bir,AdmissionTime=@adm,Departments=@depart,TSalary=@salary,Image=@image,Address=@add where TID=@ID";
            object imageValue = DBNull.Value;
            if (t.Image != null)
            {
                using (MemoryStream ms = new MemoryStream())
                {
                    t.Image.Save(ms, System.Drawing.Imaging.ImageFormat.Bmp);
                    // ToArray() copies exactly the bytes written; GetBuffer() would also return unused capacity
                    imageValue = ms.ToArray();
                }
            }
            SqlParameter[] pms = new SqlParameter[]
            {
                new SqlParameter("@ID", SqlDbType.VarChar, 11) { Value = t.TID },
                new SqlParameter("@name", t.TName),
                new SqlParameter("@gender", SqlDbType.Bit) { Value = t.TGender == "男" },
                new SqlParameter("@bir", SqlDbType.DateTime) { Value = t.Birthday },
                new SqlParameter("@adm", SqlDbType.Date) { Value = t.AdmissionTime },
                new SqlParameter("@depart", t.Departments),
                new SqlParameter("@salary", t.TSalary),
                new SqlParameter("@add", t.Address),
                new SqlParameter("@image", SqlDbType.Image) { Value = imageValue }
            };
            try
            {
                return SqlHelper.ExecuteNonquery(sql, CommandType.Text, pms);
            }
            catch (Exception)
            {
                return 0;
            }
        }

        /// <summary>
        /// Change password
        /// </summary>
        /// <param name="pwd">new password</param>
        /// <param name="id">teacher ID</param>
        /// <returns>number of rows affected</returns>
        public int EditPwd(string pwd, string id)
        {
            // Both values are bound as parameters; the ID is no longer concatenated into the SQL text
            string sql = "update Teacher set PassWord=@pwd where TID=@id";
            SqlParameter[] pms = new SqlParameter[]
            {
                new SqlParameter("@pwd", pwd),
                new SqlParameter("@id", SqlDbType.VarChar, 11) { Value = id }
            };
            return SqlHelper.ExecuteNonquery(sql, CommandType.Text, pms);
        }
    }
}
Data access layer for the Student table
This is only the student-related code needed by the teacher form; the student form has not been written yet.
using EAM.Model;
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace EAM.DAL
{
    public class StudentDAL
    {
        /// <summary>
        /// Get the information of all students
        /// </summary>
        /// <returns>list of students, or null if the table is empty</returns>
        public List<Student> GetAllStudents()
        {
            // Join Class and College so the college and class names are shown instead of their IDs
            string sql = "select StudentID,StudentName,StudentGender,Birthday,AdmissionTime,college.COName,class.CLName from Student as student inner join Class as class on student.Class=class.CLID inner join College as college on student.Departments=college.COID";
            DataTable dt = SqlHelper.ExecuteDataTable(sql, CommandType.Text);
            List<Student> list = null;
            if (dt.Rows.Count > 0)
            {
                list = new List<Student>();
                foreach (DataRow item in dt.Rows)
                {
                    list.Add(RowToStudentInfo(item));
                }
            }
            return list;
        }

        /// <summary>
        /// Convert a row object into a student object
        /// </summary>
        /// <param name="dr">data row</param>
        /// <returns>student object</returns>
        private Student RowToStudentInfo(DataRow dr)
        {
            Student student = new Student();
            student.SID = dr["StudentID"].ToString();
            student.SName = dr["StudentName"].ToString();
            student.SGender = (Convert.ToBoolean(dr["StudentGender"])) ? "男" : "女";
            student.Birthday = Convert.ToDateTime(dr["Birthday"]);
            student.AdmissionTime = Convert.ToDateTime(dr["AdmissionTime"]);
            // Rows from the joined queries carry the college/class names (COName, CLName);
            // rows from the plain Student query carry only the raw keys (Departments, Class).
            // Checking the column set avoids using an exception for control flow.
            DataColumnCollection cols = dr.Table.Columns;
            student.Departments = cols.Contains("COName") ? dr["COName"].ToString() : dr["Departments"].ToString();
            student.Class = cols.Contains("CLName") ? dr["CLName"].ToString() : dr["Class"].ToString();
            return student;
        }

        /// <summary>
        /// Add a student
        /// </summary>
        /// <param name="student">student object</param>
        /// <returns>number of rows affected</returns>
        public int AddStudentInfo(Student student)
        {
            string sql = "insert into Student (StudentID,PassWord,StudentName,StudentGender,Birthday,AdmissionTime,Departments,Class,Image) values (@SID,@PWD,@SName,@SGender,@Birthday,@AdmissionTime,@Departments,@Class,@Image)";
            SqlParameter[] pms = new SqlParameter[]
            {
                new SqlParameter("@SID", SqlDbType.VarChar, 11) { Value = student.SID },
                new SqlParameter("@PWD", SqlDbType.VarChar, 50) { Value = student.PassWord },
                new SqlParameter("@SName", SqlDbType.NVarChar, 10) { Value = student.SName },
                new SqlParameter("@SGender", SqlDbType.Bit) { Value = student.SGender == "男" },
                new SqlParameter("@Birthday", SqlDbType.DateTime) { Value = student.Birthday },
                new SqlParameter("@AdmissionTime", SqlDbType.DateTime) { Value = student.AdmissionTime },
                new SqlParameter("@Departments", SqlDbType.VarChar, 11) { Value = student.Departments },
                new SqlParameter("@Class", SqlDbType.VarChar, 11) { Value = student.Class },
                new SqlParameter("@Image", SqlDbType.Image) { Value = DBNull.Value }
            };
            try
            {
                return SqlHelper.ExecuteNonquery(sql, CommandType.Text, pms);
            }
            catch (Exception)
            {
                return 0;
            }
        }

        /// <summary>
        /// Edit student information
        /// </summary>
        /// <param name="student">student object</param>
        /// <returns>number of rows affected</returns>
        public int UpdateStudentInfo(Student student)
        {
            string sql = "Update Student set StudentName=@SName,StudentGender=@SGender,Birthday=@Bir,AdmissionTime=@Admi,Departments=@Depart,Class=@Cla,Image=@Image Where StudentID=@SID";
            SqlParameter[] pms = new SqlParameter[]
            {
                new SqlParameter("@SID", SqlDbType.VarChar, 11) { Value = student.SID },
                new SqlParameter("@SName", SqlDbType.NVarChar, 10) { Value = student.SName },
                new SqlParameter("@SGender", SqlDbType.Bit) { Value = student.SGender == "男" },
                new SqlParameter("@Bir", SqlDbType.DateTime) { Value = student.Birthday },
                new SqlParameter("@Admi", SqlDbType.DateTime) { Value = student.AdmissionTime },
                new SqlParameter("@Depart", SqlDbType.VarChar, 11) { Value = student.Departments },
                new SqlParameter("@Cla", SqlDbType.VarChar, 11) { Value = student.Class },
                new SqlParameter("@Image", SqlDbType.Image) { Value = DBNull.Value }
            };
            // pms[7] is @Image; only overwrite the NULL default when a picture was supplied
            if (student.Image != null)
            {
                pms[7].Value = student.Image;
            }
            try
            {
                return SqlHelper.ExecuteNonquery(sql, CommandType.Text, pms);
            }
            catch (Exception)
            {
                return 0;
            }
        }

        /// <summary>
        /// Delete the student with the given student number
        /// </summary>
        /// <param name="sid">student number</param>
        /// <returns>number of rows affected</returns>
        public int DeleteStudentInfo(string sid)
        {
            // The student number is bound as a parameter, not concatenated into the SQL text
            string sql = "delete from Student Where StudentID=@SID";
            SqlParameter pms = new SqlParameter("@SID", SqlDbType.VarChar, 11) { Value = sid };
            return SqlHelper.ExecuteNonquery(sql, CommandType.Text, pms);
        }

        /// <summary>
        /// Look up a student by student number
        /// </summary>
        /// <param name="sid">student number</param>
        /// <returns>student object (empty object if not found)</returns>
        public Student GetStudentBySid(string sid)
        {
            string sql = "select StudentID,StudentName,StudentGender,Birthday,AdmissionTime,Departments,Class from Student where StudentID=@SID";
            SqlParameter pms = new SqlParameter("@SID", SqlDbType.VarChar, 11) { Value = sid };
            DataTable dt = SqlHelper.ExecuteDataTable(sql, CommandType.Text, pms);
            Student stu = new Student();
            if (dt.Rows.Count > 0)
            {
                stu = RowToStudentInfo(dt.Rows[0]);
            }
            return stu;
        }

        /// <summary>
        /// Find students matching a search term
        /// </summary>
        /// <param name="info">search term</param>
        /// <returns>students found</returns>
        public List<Student> GetStudentsByInfo(string info)
        {
            List<Student> list = new List<Student>();
            // Fuzzy match on student number or name; the wildcards are added to the parameter value,
            // so the search term itself never becomes part of the SQL text
            string sql = "select StudentID, StudentName, StudentGender, Birthday, AdmissionTime, college.COName,class.CLName from Student as student inner join Class as class on student.Class=class.CLID inner join College as college on student.Departments=college.COID Where student.StudentID like @SID or student.StudentName like @SName";
            SqlParameter[] pms = new SqlParameter[]
            {
                new SqlParameter("@SID", "%" + info + "%"),
                new SqlParameter("@SName", "%" + info + "%")
            };
            DataTable dt = SqlHelper.ExecuteDataTable(sql, CommandType.Text, pms);
            if (dt.Rows.Count > 0)
            {
                foreach (DataRow dr in dt.Rows)
                {
                    list.Add(RowToStudentInfo(dr));
                }
            }
            return list;
        }
    }
}
Data access layer for the Course table
using EAM.Model;
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

namespace EAM.DAL
{
    public class CourseDAL
    {
        /// <summary>
        /// Look up the courses a teacher offers, by teacher ID
        /// </summary>
        /// <param name="TID">teacher ID</param>
        /// <returns>list of courses</returns>
        public List<Course> GetCourses(string TID)
        {
            // The teacher ID is bound as a parameter, not concatenated into the SQL text
            string sql = "select * from Course where Teacher=@TID";
            SqlParameter pms = new SqlParameter("@TID", SqlDbType.VarChar, 11) { Value = TID };
            List<Course> list = new List<Course>();
            DataTable dt = SqlHelper.ExecuteDataTable(sql, CommandType.Text, pms);
            if (dt.Rows.Count > 0)
            {
                foreach (DataRow dr in dt.Rows)
                {
                    list.Add(RowToCourse(dr));
                }
            }
            return list;
        }

        // Convert a data row into a course object
        private Course RowToCourse(DataRow dr)
        {
            Course course = new Course();
            course.CID = dr["CID"].ToString();
            course.CName = dr["CName"].ToString();
            course.Departments = dr["Departments"].ToString();
            course.CTeacher = dr["Teacher"].ToString();
            return course;
        }

        /// <summary>
        /// Delete a course by course number
        /// </summary>
        /// <param name="CID">course number</param>
        /// <returns>number of rows affected</returns>
        public int DeleteCourse(string CID)
        {
            string sql = "delete from Course Where CID=@CID";
            SqlParameter pms = new SqlParameter("@CID", CID);
            return SqlHelper.ExecuteNonquery(sql, CommandType.Text, pms);
        }

        /// <summary>
        /// Add a course
        /// </summary>
        /// <param name="course">course object</param>
        /// <returns>number of rows affected, 0 on error</returns>
        public int AddCourse(Course course)
        {
            // Name the columns explicitly so the insert does not depend on the table's column order
            string sql = "insert into Course (CID,CName,Departments,Teacher) values(@CID,@CName,@Dep,@Teac)";
            SqlParameter[] pms = new SqlParameter[]
            {
                new SqlParameter("@CID", course.CID),
                new SqlParameter("@CName", course.CName),
                new SqlParameter("@Dep", course.Departments),
                new SqlParameter("@Teac", course.CTeacher)
            };
            try
            {
                return SqlHelper.ExecuteNonquery(sql, CommandType.Text, pms);
            }
            catch (Exception)
            {
                return 0;
            }
        }
    }
}
Security still needs some hardening. Although constraints have been added to the columns of the database tables and SQL injection by users has been guarded against, that is far from enough; the main remaining work is to restrict what users can enter.
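Input checks of the kind this closing paragraph calls for, as an added example that is not part of the project's code: the 8-digit teacher staff number used at login, the 11-character width of the StudentID column, and the .png/.jpg picture filter from the profile page, enforced by file signature rather than by extension alone. The namespace, class and method names are assumptions.

```csharp
using System;
using System.IO;
using System.Text.RegularExpressions;

namespace EAM.Validation   // hypothetical namespace, not part of the project
{
    public static class InputValidation
    {
        // Teacher staff numbers are 8 digits on this page (e.g. 20181101);
        // the StudentID column is varchar(11), so allow 1 to 11 digits there.
        private static readonly Regex TeacherIdPattern = new Regex(@"^\d{8}$");
        private static readonly Regex StudentIdPattern = new Regex(@"^\d{1,11}$");

        public static bool IsValidTeacherId(string id) =>
            id != null && TeacherIdPattern.IsMatch(id);

        public static bool IsValidStudentId(string id) =>
            id != null && StudentIdPattern.IsMatch(id);

        // Checks the file signature rather than the extension: a video or text file
        // renamed to .png passes an extension filter but not this check.
        public static bool IsPngOrJpeg(byte[] data)
        {
            if (data == null || data.Length < 8) return false;
            // PNG signature: 89 50 4E 47 0D 0A 1A 0A
            bool png = data[0] == 0x89 && data[1] == 0x50 && data[2] == 0x4E && data[3] == 0x47
                    && data[4] == 0x0D && data[5] == 0x0A && data[6] == 0x1A && data[7] == 0x0A;
            // JPEG signature: FF D8 FF
            bool jpeg = data[0] == 0xFF && data[1] == 0xD8 && data[2] == 0xFF;
            return png || jpeg;
        }

        // Applies the extension filter, a size cap and the signature check before the
        // bytes are handed to Bitmap, so an oversized or mislabelled file is rejected
        // before it is ever decoded as an image.
        public static bool TryReadImage(string path, int maxBytes, out byte[] data)
        {
            data = null;
            string ext = Path.GetExtension(path).ToLowerInvariant();
            if (ext != ".png" && ext != ".jpg" && ext != ".jpeg") return false;
            FileInfo fi = new FileInfo(path);
            if (!fi.Exists || fi.Length > maxBytes) return false;
            byte[] bytes = File.ReadAllBytes(path);
            if (!IsPngOrJpeg(bytes)) return false;
            data = bytes;
            return true;
        }
    }
}
```

The DAL methods above can call these checks before building their parameters, so a malformed ID or a non-image upload is rejected at the form rather than reaching the database.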