这里使用的是参数化
SqlParameter useremail = new SqlParameter("@useremail", user.user_Email); SqlParameter pwd = new SqlParameter("@pwd", user.user_pwd); SqlParameter type = new SqlParameter("@type", user.user_Type); SqlParameter phone = new SqlParameter("@phone", user.user_phone); SqlParameter username = new SqlParameter("@username", user.user_phone); SqlCommand cmd = new SqlCommand(sql, conn); conn.Open(); cmd.Parameters.Add(useremail); cmd.Parameters.Add(pwd); cmd.Parameters.Add(type); cmd.Parameters.Add(phone); cmd.Parameters.Add(username); int count = cmd.ExecuteNonQuery(); conn.Close(); return count; 添加使用这段代码
SqlParameter pages = new SqlParameter("@pages",page); SqlParameter rowss = new SqlParameter("@rows",rows); SqlDataAdapter dat = new SqlDataAdapter(sql, conn); conn.Open(); dat.SelectCommand.Parameters.Add(pages); dat.SelectCommand.Parameters.Add(rowss); DataSet ds = new DataSet(); dat.Fill(ds); conn.Close(); return ds; 查询使用这段代码
string conText = "server=.;uid=sa;pwd=123456;database=ars"; using (SqlConnection con = new SqlConnection(conText)) { using (SqlCommand cmd = con.CreateCommand()) { con.Open(); cmd.CommandText= "select sName from student where sId = @sid and sMajor = @sMajor and sPassword = @sPassword"; //构造参数数组parameters SqlParameter[] parameters = {new SqlParameter("@sid",20160001), new SqlParameter("@smajor",1101), new SqlParameter("@spassword",123456) }; cmd.Parameters.AddRange(parameters); cmd.ExecuteNonQuery(); } }
添加也可以使用这个
继续对比 SqlParameter sp = new SqlParameter("@name","Pudding"); cmd.Parameters.Add(sp); sp = new SqlParameter("@ID","1"); cmd.Parameters.Add(sp); ----------------------------------- SqlParameter[] paras = new SqlParameter[] { new SqlParameter("@name","Pudding"),new SqlParameter("@ID","1") }; cmd.Parameters.AddRange(paras); 这样子还是第二种写数组的方便