like 参数:
string strSql = "select * from Person.Address where City like '%'+ @add + '%'"; SqlParameter[] Parameters=new SqlParameter[1]; Parameters[0] = new SqlParameter("@add", "bre");
in 参数:
public bool AssignToAnotherRoleBatch(List<int> idList, int newRoleId,string newRoleName, int newWorkerId, string newWorkerName, out string msg) { msg = ""; string[] ids = Array.ConvertAll<int, string>(idList.ToArray(), a => a.ToString()); string idstr = string.Join(",", ids); idstr = "," + idstr + ","; try { string sql = "update Customers set RoleId=@roleId,RoleName=@roleName,WorkerId=@workerId,WorkerName=@workerName where charindex(','+rtrim(Id) + ',' ,@idList)>0"; var cmd = new SqlCommand(sql, tradeConnection); cmd.Parameters.AddWithValue("@roleId", newRoleId); cmd.Parameters.AddWithValue("@roleName", newRoleName); cmd.Parameters.AddWithValue("@workerId", newWorkerId); cmd.Parameters.AddWithValue("@workerName", newWorkerName); cmd.Parameters.AddWithValue("@idList", idstr); int count = cmd.ExecuteNonQuery(); if (count > 0) return true; } catch( Exception e) { LogHelper.Err(e.Message+e.StackTrace); msg = e.Message; } return false; }
另外的使用in 参数的方法,@Role赋值 '1,2,3,4',如下:
exec("SELECT * FROM sys_User WHERE RoleID in ('" + @RoleID + "')")