将参数传递到 SqlCommand 时出现问题
Problems Passing Parameters into SqlCommand
我在将参数传递给 SqlCommand 的 SQL 字符串时遇到问题。当我使用选项 1(见下文)时,代码有效。当我使用选项 2 时,它不起作用。我不确定如何让 .AddWithValue 方法与 SqlCommand.
一起使用
如有任何帮助,我们将不胜感激!
private string [] GetOrderInfo (string folder)
{
string [] order = new string [] { "date", "order#", "storeid", "storename", "username" };
using (SqlConnection conn = new SqlConnection (_connectionString))
{
conn.Open ();
// Option 1: this line works.
//string sql = "select * from OrderProduct where OrderProductID=26846";
// Option 2: this line doesn't work.
string sql = "select * from OrderProduct where OrderProductID=@folder;";
using (SqlCommand command = new SqlCommand (sql, conn))
{
command.Parameters.AddWithValue ("@folder", folder);
using (SqlDataReader reader = command.ExecuteReader ())
{
while (reader.Read ())
order [1] = Convert.ToString (reader.GetInt32 (1));
}
}
conn.Close ();
} // using (SqlConnection conn = new SqlConnection (connectionString))
return order;
}
尝试使用
Command.Parameters.Add("@folder",SqlDbType.Varchar).Value = folder;
您可以试试:
using (SqlCommand command = new SqlCommand("select * from OrderProduct where OrderProductID=@folder", conn))
{
command.Parameters.Add(new SqlParameter("@folder", folder));
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
order[1] = Convert.ToString(reader.GetInt32(1));
}
}
AddWithValue 方法使用值的类型来定义正确的 SqlDbType。因此,如果您的字段 OrderProductID 的类型为 INT,您需要添加一个 int.
样本:
command.Parameters.AddWithValue ("@folder", 26846);
另一种简单的方法是使用像 SqlDatabaseCommand or Dapper.
这样的简单对象映射器
using (var cmd = new SqlDatabaseCommand(_connection))
{
cmd.CommandText.AppendLine(" SELECT * ")
.AppendLine(" FROM EMP ")
.AppendLine(" WHERE EMPNO = @EmpNo ")
.AppendLine(" AND HIREDATE = @HireDate ");
cmd.Parameters.AddValues(new
{
EmpNo = 7369,
HireDate = new DateTime(1980, 12, 17)
});
var emps = cmd.ExecuteTable<Employee>();
}
我在将参数传递给 SqlCommand 的 SQL 字符串时遇到问题。当我使用选项 1(见下文)时,代码有效。当我使用选项 2 时,它不起作用。我不确定如何让 .AddWithValue 方法与 SqlCommand.
如有任何帮助,我们将不胜感激!
private string [] GetOrderInfo (string folder)
{
string [] order = new string [] { "date", "order#", "storeid", "storename", "username" };
using (SqlConnection conn = new SqlConnection (_connectionString))
{
conn.Open ();
// Option 1: this line works.
//string sql = "select * from OrderProduct where OrderProductID=26846";
// Option 2: this line doesn't work.
string sql = "select * from OrderProduct where OrderProductID=@folder;";
using (SqlCommand command = new SqlCommand (sql, conn))
{
command.Parameters.AddWithValue ("@folder", folder);
using (SqlDataReader reader = command.ExecuteReader ())
{
while (reader.Read ())
order [1] = Convert.ToString (reader.GetInt32 (1));
}
}
conn.Close ();
} // using (SqlConnection conn = new SqlConnection (connectionString))
return order;
}
尝试使用
Command.Parameters.Add("@folder",SqlDbType.Varchar).Value = folder;
您可以试试:
using (SqlCommand command = new SqlCommand("select * from OrderProduct where OrderProductID=@folder", conn))
{
command.Parameters.Add(new SqlParameter("@folder", folder));
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
order[1] = Convert.ToString(reader.GetInt32(1));
}
}
AddWithValue 方法使用值的类型来定义正确的 SqlDbType。因此,如果您的字段 OrderProductID 的类型为 INT,您需要添加一个 int.
样本:
command.Parameters.AddWithValue ("@folder", 26846);
另一种简单的方法是使用像 SqlDatabaseCommand or Dapper.
这样的简单对象映射器using (var cmd = new SqlDatabaseCommand(_connection))
{
cmd.CommandText.AppendLine(" SELECT * ")
.AppendLine(" FROM EMP ")
.AppendLine(" WHERE EMPNO = @EmpNo ")
.AppendLine(" AND HIREDATE = @HireDate ");
cmd.Parameters.AddValues(new
{
EmpNo = 7369,
HireDate = new DateTime(1980, 12, 17)
});
var emps = cmd.ExecuteTable<Employee>();
}