17th
2008,08
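ADO.NET Introduction: Using Parameterized Queries
A parameter is passed via GET. The page then reads the parameter and uses it as the condition of the SQL statement to query the desired data.
URL form: http://www.cngothic.com/search.aspx?customerid=TOMSP
The code is as follows: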
```csharp
// Requires: using System.Configuration; using System.Data.SqlClient;
SqlConnection conn = new SqlConnection();
conn.ConnectionString = ConfigurationManager.ConnectionStrings["strcon"].ConnectionString;
conn.Open();
// Open the database connection
string SqlStr;
SqlStr = "SELECT OrderID,CustomerID,OrderDate,EmployeeID FROM Orders WHERE CustomerID=@CustomerID";
// SQL statement with a parameter
SqlCommand SqlCmd = new SqlCommand(SqlStr, conn);
SqlCmd.Parameters.AddWithValue("@CustomerID", "TOMSP");
// Give @CustomerID the value TOMSP (the value to use when the customerid parameter has no value)
SqlDataReader redr = SqlCmd.ExecuteReader();
while (redr.Read())
{
    Response.Write(redr["OrderID"] + "<br />");
    // HTML-encode the query-string value before echoing it into the page
    Response.Write(Server.HtmlEncode(Request.QueryString["CustomerID"]));
}
```
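Two points to note in the code:
1: The SQL statement carries a parameter that receives the condition.
2: The AddWithValue method creates a new SqlParameter object and sets the new object's ParameterName and Value properties.
Complete code: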
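```csharp
SqlCommand SqlCmd = new SqlCommand();

// Short form: AddWithValue creates the SqlParameter, sets its
// ParameterName and Value, and adds it to the collection:
// SqlParameter par = SqlCmd.Parameters.AddWithValue("@CustomerID", "TOMSP");

// Equivalent long form (use one form or the other, not both,
// otherwise @CustomerID is added to the command twice):
SqlParameter par = new SqlParameter();
par.ParameterName = "@CustomerID";
par.Value = "TOMSP";
SqlCmd.Parameters.Add(par);
```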
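An added example, not code from the original post: the same Orders query with the value actually read from the `customerid` query string and bound through an explicitly typed parameter instead of `AddWithValue`. The `Search` code-behind class, the `nchar(5)` column type and the 400 response for over-long input are assumptions; the connection string name `strcon`, the query and the `TOMSP` default come from the post.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

// Hypothetical code-behind class for search.aspx (added example).
public partial class Search : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Fall back to TOMSP when ?customerid= is missing or empty.
        string customerId = Request.QueryString["customerid"];
        if (string.IsNullOrEmpty(customerId))
            customerId = "TOMSP";

        // Assumption: CustomerID is nchar(5); reject anything longer up front.
        if (customerId.Length > 5)
        {
            Response.StatusCode = 400;
            return;
        }

        const string sql =
            "SELECT OrderID,CustomerID,OrderDate,EmployeeID " +
            "FROM Orders WHERE CustomerID=@CustomerID";

        string cs = ConfigurationManager.ConnectionStrings["strcon"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and size: the value travels as data, never as SQL text,
            // and the provider does not have to infer a type as AddWithValue does.
            cmd.Parameters.Add("@CustomerID", SqlDbType.NChar, 5).Value = customerId;

            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    Response.Write(reader["OrderID"] + "<br />");
            }
        }

        // Encode the user-supplied value before echoing it into the page.
        Response.Write(Server.HtmlEncode(customerId));
    }
}
```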
Name: Cngothic
08 22nd, 2008 at 9:17 pm
SqlCmd.Parameters.AddWithValue("@CustomerID", "TOMSP");
==
SqlParameter par;
par = SqlCmd.Parameters.AddWithValue("@CustomerID", "TOMSP");
par = new SqlParameter();
par.ParameterName = "@CustomerID";
par.Value = "TOMSP";
SqlCmd.Parameters.Add(par);