采用SqlClient方式连接数据库:
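int Id = 1;
string Name = " lui ";

// The parameter names are written directly into the SQL text as placeholders; this is
// the same for every parameter type. The values travel separately from the statement,
// so they are never parsed as SQL.
SqlCommand cmd = new SqlCommand("", connection1);
cmd.CommandText = " insert into TUserLogin values(@Id,@Name) ";
cmd.Parameters.Clear();
// SqlDbType is an enum type, so Add needs one of its members; Int matches the int value.
cmd.Parameters.Add("@Id", SqlDbType.Int).Value = Id;
// The parameter name has to match the @Name placeholder exactly, without padding spaces.
// NOTE(review): no length is given for the VarChar parameter; pass the column's declared
// size as the third argument once it is known.
cmd.Parameters.Add("@Name", SqlDbType.VarChar).Value = Name;
cmd.ExecuteNonQuery();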
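string Name = " lui ";

// The parameter names are written directly into the SQL text as placeholders; this is
// the same for every parameter type. Id is declared outside this snippet.
SqlCommand cmd = new SqlCommand("", connection1);
cmd.CommandText = " insert into TUserLogin values(@Id,@Name) ";
cmd.Parameters.Clear();
// SqlDbType is an enum type, so Add needs one of its members; Int is used here on the
// assumption that Id is an int. TODO confirm against the declaration of Id.
cmd.Parameters.Add("@Id", SqlDbType.Int).Value = Id;
// The parameter name has to match the @Name placeholder exactly, without padding spaces.
// NOTE(review): no length is given for the VarChar parameter; pass the column's declared
// size as the third argument once it is known.
cmd.Parameters.Add("@Name", SqlDbType.VarChar).Value = Name;
cmd.ExecuteNonQuery();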
参数化的意义在于把对应的值从参数中提供,对于like语句,like后面的值则包括了单引号中的所有部分,包括百分号(%),因此在参数化like对应的值时,应该把百分号移到参数值中提供,像这样:
// The LIKE wildcards are part of the parameter value, not of the SQL text.
// NOTE(review): any %, _ or [ already present in StrKeyWord also reaches LIKE as a
// wildcard; escape them first if a literal match is intended.
Cmd.Parameters["@KeyWord"].Value = string.Concat("%", StrKeyWord, "%");
可别指望在 SQL 语句中写成下面这样:
-- Counter-example: inside the quotes @KeyWord is plain literal text, not a parameter.
-- The working form is "like @KeyWord" with the % signs supplied in the parameter value.
Select * From [TableName] Where [Column1] like '%@KeyWord%'
不会报错,不过你不可能查询到想要的结果,因为引号内的 @KeyWord 只是普通的字符串文本,不会被当作参数替换。
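namespace DemoConsoleApplication
{
    /// <summary>
    /// Console demo of a login check that passes the user name and password to the
    /// database as query parameters instead of concatenating them into the SQL text.
    /// </summary>
    class Program
    {
        // Database connection string; adjust it to the actual environment.
        // NOTE(review): the data source is a .sdf file while the code below uses
        // SqlConnection; confirm that the provider matches the database being opened.
        private const string ConnectionString = @"Data Source=|DataDirectory|\Database1.sdf";

        /// <summary>
        /// Prompts for a user name and password, counts the matching rows in TB_Users
        /// and prints whether the login succeeded.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // Read the user's input. Console.ReadLine returns null at end of input.
            Console.WriteLine("请输入用户名");
            string Passport = Console.ReadLine();
            Console.WriteLine("请输入密码");
            string Password = Console.ReadLine();

            using (SqlConnection Conn = new SqlConnection(ConnectionString))
            {
                Conn.Open(); // open the database connection
                using (SqlCommand Cmd = Conn.CreateCommand())
                {
                    // ExecuteNonQuery reports the rows affected by INSERT/UPDATE/DELETE and
                    // returns -1 for a SELECT, so the match is counted in SQL and read back
                    // with ExecuteScalar instead.
                    // NOTE(review): the submitted password is compared with the stored column
                    // directly, which suggests passwords are kept unhashed; store a salted
                    // password hash and compare against that instead.
                    Cmd.CommandText = "select count(*) from TB_Users where passport=@UN and password=@PWD";

                    // A null value would leave the parameter unsent and make the command fail;
                    // DBNull never equals a column value, so null input is a failed login.
                    Cmd.Parameters.Add(new SqlParameter("@UN", (object)Passport ?? DBNull.Value));
                    Cmd.Parameters.Add(new SqlParameter("@PWD", (object)Password ?? DBNull.Value));

                    if (1 == Convert.ToInt32(Cmd.ExecuteScalar()))
                    {
                        Console.WriteLine("登陆成功!");
                    }
                    else
                    {
                        Console.WriteLine("登陆失败!");
                    }
                }
            }

            Console.ReadKey(); // keep the console window open so the result can be read
        }
    }
}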
{
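/// <summary>
/// Console demo of a login check that passes the user name and password to the
/// database as query parameters instead of concatenating them into the SQL text.
/// </summary>
class Program
{
    // Database connection string; adjust it to the actual environment.
    // NOTE(review): the data source is a .sdf file while the code below uses
    // SqlConnection; confirm that the provider matches the database being opened.
    private const string ConnectionString = @"Data Source=|DataDirectory|\Database1.sdf";

    /// <summary>
    /// Prompts for a user name and password, counts the matching rows in TB_Users
    /// and prints whether the login succeeded.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    static void Main(string[] args)
    {
        // Read the user's input. Console.ReadLine returns null at end of input.
        Console.WriteLine("请输入用户名");
        string Passport = Console.ReadLine();
        Console.WriteLine("请输入密码");
        string Password = Console.ReadLine();

        using (SqlConnection Conn = new SqlConnection(ConnectionString))
        {
            Conn.Open(); // open the database connection
            using (SqlCommand Cmd = Conn.CreateCommand())
            {
                // ExecuteNonQuery reports the rows affected by INSERT/UPDATE/DELETE and
                // returns -1 for a SELECT, so the match is counted in SQL and read back
                // with ExecuteScalar instead.
                // NOTE(review): the submitted password is compared with the stored column
                // directly, which suggests passwords are kept unhashed; store a salted
                // password hash and compare against that instead.
                Cmd.CommandText = "select count(*) from TB_Users where passport=@UN and password=@PWD";

                // A null value would leave the parameter unsent and make the command fail;
                // DBNull never equals a column value, so null input is a failed login.
                Cmd.Parameters.Add(new SqlParameter("@UN", (object)Passport ?? DBNull.Value));
                Cmd.Parameters.Add(new SqlParameter("@PWD", (object)Password ?? DBNull.Value));

                if (1 == Convert.ToInt32(Cmd.ExecuteScalar()))
                {
                    Console.WriteLine("登陆成功!");
                }
                else
                {
                    Console.WriteLine("登陆失败!");
                }
            }
        }

        Console.ReadKey(); // keep the console window open so the result can be read
    }
}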
}