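把变量拼接进SQL查询字符串的写法在查询中经常遇到,如JDBC、ADO.NET。关键在于使用三引号把变量加进去。注意:这种拼接方式只适用于可信的固定值;如果变量来自用户输入,应改用参数化查询(JDBC的PreparedStatement、ADO.NET的SqlParameter),否则会产生SQL注入漏洞。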
通用简单模型(User表,UId为主键名):
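// The value to look up.
string Uid = "1234";
// Build the query text by wrapping the value in single quotes inside the SQL string.
// The closing piece must be the string literal "'" (the original '"" does not compile).
// NOTE(review): concatenation is only acceptable here because Uid is a fixed constant.
// A value that can be influenced by a user must be bound as a parameter instead
// (a "?" placeholder with PreparedStatement in JDBC, "@UId" with SqlParameter in ADO.NET),
// otherwise a quote character inside the value changes the meaning of the statement.
// On SQL Server, User is a reserved word and would need to be written as [User].
string SqlStr = "select * from User where UId = '" + Uid + "'";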
拿Sql Server+ADO.NET为例子:
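// Looks up the row for the user id held in Session["CurrentUser"] and shows its
// "Psd" column in SexLbl. The connection string targets the LocalDB file
// Database1.mdf with Windows integrated security.
string connStr = @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database1.mdf;Integrated Security=True";
SqlConnection conn = new SqlConnection(connStr);
try
{
    conn.Open();
    if (Session["CurrentUser"] != null)
    {
        // The session value is bound as a parameter rather than concatenated into the
        // statement, so it is always handled as data and can never alter the SQL text.
        string sqlselect = "select * from UserTable where UId = @UId";
        using (SqlCommand cmd = new SqlCommand(sqlselect, conn))
        {
            cmd.Parameters.AddWithValue("@UId", Session["CurrentUser"].ToString());
            using (SqlDataReader reder = cmd.ExecuteReader())
            {
                // Read() returns false when no row matches; indexing the reader in that
                // state throws, so the column is only touched after a successful Read().
                if (reder.Read())
                {
                    // A database NULL is surfaced as DBNull, not as a C# null reference.
                    object psd = reder["Psd"];
                    if (!(psd is DBNull))
                    {
                        // NOTE(review): "Psd" looks like a password column - confirm it
                        // should be rendered to the page at all.
                        SexLbl.Text = psd.ToString();
                    }
                }
            }
        }
    }
}
catch (Exception ee)
{
    // Keep the full exception (stack trace, server and file names) on the server side;
    // the browser only receives a generic message.
    System.Diagnostics.Trace.TraceError(ee.ToString());
    Response.Write("An error occurred while loading the user record.");
}
finally
{
    // Runs on both the success and the failure path so the connection is always released.
    conn.Close();
}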