存储过程两种写法,一种不行??
通过日记时间得到日记本的所有记录
CREATE procedure getdiarybook
@createDate1 varchar(10)
as
if @createDate1=''
select * from
diarybook
where convert(varchar(10),CreateDate)=(select convert(varchar(10),max(CreateDate)) as ss from diarybook)
order by DiaryID desc
else
select * from
diarybook
where
(select CONVERT(varchar(10),CreateDate,120))=@createDate1
order by
CreateDate desc
GO
在cs里写的方法
public DataSet GetDiaryBook(string createdate)
{
SqlConnection cn = new SqlConnection(ConfigurationSettings.AppSettings["connectionstring"]);
SqlDataAdapter da = new SqlDataAdapter("getdiarybook '"+createdate+"'" , cn);
DataSet ds = new DataSet();
da.Fill(ds, "mytable1");
cn.Close();
return ds;
}
这样就可以调用过程成功.但这样不安全
换成第2种方法写
public DataSet GetDiaryBook(string createdate)
{
SqlConnection cn = new SqlConnection(ConfigurationSettings.AppSettings["connectionstring"]);
SqlDataAdapter da = new SqlDataAdapter("getdiarybook " , cn);
da.SelectCommand.CommandType = CommandType.StoredProcedure();
da.SelectCommand.Parameters.Add("@createDate1",SqlDbType.VarChar,10).Value=createdate;
DataSet ds = new DataSet();
da.Fill(ds, "mytable1");
cn.Close();
return ds;
}
老是说"需要参数@createDate1,但参数明明是写了的?不知道什么原因?
高人看看