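// SQL parameterized query <1>: values are bound as SqlParameter objects instead of being
// concatenated into the statement text, so the input cannot change the shape of the query.
// Fixes relative to the pasted original: the connection-string keyword "Initialcatalog" (no space)
// is not a recognised keyword and would throw on construction, "andpassword" is not valid T-SQL,
// and the SqlDataReader was never disposed.
using (SqlConnection conn = new SqlConnection("data source=Fan-VAIO;Initial catalog=sales;integrated security=true"))
{
    conn.Open();
    using (SqlCommand cmd = conn.CreateCommand())
    {
        // NOTE(review): the password is compared as a plaintext value inside the WHERE clause.
        // This demonstrates parameter binding only; credential checks belong on a stored salted hash.
        cmd.CommandText = "select * from t_user where name=@us and password=@pw";
        cmd.Parameters.Add(new SqlParameter("@us", "王二小"));
        // Binds to the (string, object) constructor. Beware that a literal 0 here would instead
        // resolve to the (string, SqlDbType) overload; cast zero values to object explicitly.
        cmd.Parameters.Add(new SqlParameter("@pw", 123456));
        // The reader owns the connection's result stream; dispose it so the connection is
        // released even when Read() throws.
        using (SqlDataReader dr = cmd.ExecuteReader())
        {
            while (dr.Read())
            {
                // Prints the columns at ordinals 1 and 3 (0-based) of each matching t_user row.
                // Ordinal access after "select *" depends on the table's column order.
                Console.WriteLine(dr[1].ToString() + dr[3]);
            }
        }
    }
}
Console.ReadKey();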
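// SQL parameterized query <2>: same query as <1>, but parameters are added with
// AddWithValue, which infers the SqlDbType from the runtime type of the value.
// Fixes relative to the pasted original: "andpassword" is not valid T-SQL, the SqlDataReader
// was never disposed, and Console.ReadKey() blocked while the connection was still open.
using (SqlConnection conn = new SqlConnection("data source=Fan-VAIO;initial catalog=sales;integrated security=true"))
{
    conn.Open();
    using (SqlCommand cmd = conn.CreateCommand())
    {
        // NOTE(review): plaintext password comparison in SQL is shown for the binding demo only;
        // production code compares a stored salted hash instead.
        cmd.CommandText = "select * from t_user where name=@nm and password=@pw";
        // AddWithValue infers NVarChar for the string and Int for the int; use
        // Parameters.Add with an explicit SqlDbType when the inferred type would
        // not match the column (e.g. varchar vs nvarchar affects index usage).
        cmd.Parameters.AddWithValue("@nm", "罗蕊");
        cmd.Parameters.AddWithValue("@pw", 123456);
        // Dispose the reader so the connection is released even if Read() throws.
        using (SqlDataReader dr = cmd.ExecuteReader())
        {
            while (dr.Read())
            {
                // Columns at ordinals 1 and 3 (0-based) of each matching row.
                Console.WriteLine(dr[1].ToString() + dr[3]);
            }
        }
    }
}
// Wait for a key press only after the connection has been closed, so the
// pooled connection is not held while the program is blocked on input.
Console.ReadKey();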
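/// <summary>
/// Inserts one feedback record into the FeedBack table using a parameterized INSERT,
/// so the entity's field values are never spliced into the SQL text.
/// </summary>
/// <param name="m">The feedback entity whose fields supply the column values.</param>
/// <returns><c>true</c> when at least one row was inserted; otherwise <c>false</c>.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="m"/> is <c>null</c>.</exception>
public bool Add(MoFeedBack m)
{
    // Fail early with a clear message instead of a NullReferenceException from m.shopid below.
    if (m == null)
    {
        throw new System.ArgumentNullException("m");
    }

    // Column list and placeholder list are kept in the same order so the mapping is easy to audit.
    const string sql =
        "insert into FeedBack(" +
        "shopid,shopname,description,content,statuscfg,article_tag_id,picurl,date,moduleid,phone)" +
        " values (" +
        "@shopid,@shopname,@description,@content,@statuscfg,@article_tag_id,@picurl,@date,@moduleid,@phone)";

    // DbCommand is IDisposable; the original never released it.
    using (DbCommand cmd = database.GetSqlStringCommand(sql))
    {
        // Each value is bound with an explicit DbType so the provider does not have to
        // infer it from the runtime value.
        database.AddInParameter(cmd, "@shopid", DbType.Int32, m.shopid);
        database.AddInParameter(cmd, "@shopname", DbType.String, m.shopname);
        database.AddInParameter(cmd, "@description", DbType.String, m.description);
        database.AddInParameter(cmd, "@content", DbType.String, m.content);
        database.AddInParameter(cmd, "@statuscfg", DbType.Int32, m.statuscfg);
        database.AddInParameter(cmd, "@article_tag_id", DbType.Int32, m.article_tag_id);
        database.AddInParameter(cmd, "@picurl", DbType.String, m.picurl);
        database.AddInParameter(cmd, "@date", DbType.DateTime, m.date);
        database.AddInParameter(cmd, "@moduleid", DbType.Int32, m.moduleid);
        database.AddInParameter(cmd, "@phone", DbType.String, m.phone);

        // ExecuteNonQuery returns the affected row count; a single INSERT yields 1 on success.
        return database.ExecuteNonQuery(cmd) > 0;
    }
}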