



// Sketch of the parameterized form: the SQL text carries only the placeholders @a and @b.
select * from 表 where 列=@a and 列=@b
// The values a and b are attached as DbType.String input parameters through AddInParameter
// instead of being concatenated into the SQL text. dbase and cmd are not declared in this snippet.
dbase.AddInParameter(cmd, "@a", DbType.String, a);
dbase.AddInParameter(cmd, "@b", DbType.String, b);
// NOTE(review): the statement is written without string quotes here; as posted this line is illustrative, not compilable.
string str=select * from 表 where 列=@a and 列=@b
/// <summary>
/// Forum sketch: builds a command from strSql, binds the optional arguments to the fixed
/// parameter names @a, @b, @c, ... and returns the result as a DataSet.
/// Returns null when execution throws. The "......" runs are elisions left by the author.
/// </summary>
// NOTE(review): only the values are bound as parameters; strSql is handed to GetSqlStringCommand
// unchanged, so the protection against injection holds only if callers pass SQL text that was
// not assembled from input.
public static DataSet abc(object strSql,object a=null,object b=null,object c=null,object d=null,object e=null,object f=null,object g=null ......)
{
// NOTE(review): strSql is declared as object here; presumably GetSqlStringCommand expects a string — confirm.
DbCommand cmd = Public.dbase.GetSqlStringCommand(strSql);
// Every slot is bound, including those the caller left at the null default.
// NOTE(review): GetDbType as posted in this thread calls Type.GetType() on its argument, which
// would throw for a null value, and these calls sit outside the try block below.
Public.dbase.AddInParameter(cmd, "@a", GetDbType(a), a);
Public.dbase.AddInParameter(cmd, "@b", GetDbType(b), b);
Public.dbase.AddInParameter(cmd, "@c", GetDbType(c), c);
Public.dbase.AddInParameter(cmd, "@d", GetDbType(d), d);
Public.dbase.AddInParameter(cmd, "@e", GetDbType(e),e);
Public.dbase.AddInParameter(cmd, "@f", GetDbType(f), f);
Public.dbase.AddInParameter(cmd, "@g", GetDbType(g),g);
............
try
{
// NOTE(review): db is not declared in this snippet; the lines above use Public.dbase — presumably the same object, confirm.
DataSet dst = db.ExecuteDataSet(cmd);
return dst;
}
// Bare catch: any exception raised while executing is reduced to a null return, with nothing logged,
// so the caller cannot tell a failed or malformed query from any other failure.
catch
{
return null;
}
}
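/// <summary>
/// Maps the runtime type of a parameter value to the DbType used when binding it.
/// </summary>
/// <param name="Type">The value to be bound (a value, not a System.Type, despite the name); may be null.</param>
/// <returns>The DbType for the value; DbType.String for null or DBNull, DbType.Object for unmapped types.</returns>
private static DbType GetDbType(object Type)
{
    // Static, because the abc helper that calls it in this thread is itself static.

    // A null or DBNull value carries no CLR type to inspect, so fall back to
    // DbType.String instead of dereferencing it.
    if (Type == null || Type is DBNull)
    {
        return DbType.String;
    }

    // Test the runtime type directly. Comparing Type.GetType().ToString() with the
    // C# keyword "string" never matches, because the CLR name is "System.String".
    if (Type is string) { return DbType.String; }
    if (Type is int) { return DbType.Int32; }
    if (Type is long) { return DbType.Int64; }
    if (Type is short) { return DbType.Int16; }
    if (Type is byte) { return DbType.Byte; }
    if (Type is bool) { return DbType.Boolean; }
    if (Type is DateTime) { return DbType.DateTime; }
    if (Type is decimal) { return DbType.Decimal; }
    if (Type is double) { return DbType.Double; }
    if (Type is float) { return DbType.Single; }
    if (Type is Guid) { return DbType.Guid; }
    if (Type is byte[]) { return DbType.Binary; }

    // NOTE(review): unmapped types fall through to DbType.Object; extend the list
    // above rather than relying on this fallback.
    return DbType.Object;
}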
// NOTE(review): the text holds three ? markers but only two values (1, 2) are passed, and the first ?
// sits inside a quoted SQL literal ('''?' is the literal '? ). A helper that substitutes ? textually
// instead of binding real parameters would rewrite that literal; sql.Exec is not shown here, so
// confirm that it binds values and leaves quoted text alone.
sql.Exec("select * from test where c1 like '''?' and c2 = ? and c3 = ?", 1, 2);
不是拼接 SQL 的,使用的是参数化查询,AddInParameter 方法已经封装在模块里面。
有时间我开源出来。
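/// <summary>
/// Runs <paramref name="strSql"/> against the "BusinessDb" database and returns the result set.
/// Each element of <paramref name="arg"/> is bound as an input parameter named by position:
/// @a0, @a1, @a2, ...
/// </summary>
/// <param name="strSql">
/// SQL text that uses the placeholders @a0..@aN. Only the values are bound as parameters; this
/// text is sent as written, so it must not be assembled by concatenating input.
/// </param>
/// <param name="arg">Values to bind, in placeholder order. A null array is treated as empty.</param>
/// <returns>The resulting DataSet, or null when binding or execution throws.</returns>
public static DataSet abc(string strSql, params object[] arg)
{
    Database db = DatabaseFactory.CreateDatabase("BusinessDb");

    // DbCommand is IDisposable; the using block releases it on every path.
    using (DbCommand cmd = db.GetSqlStringCommand(strSql))
    {
        try
        {
            // A params array can be passed as an explicit null; bind nothing in that case.
            int count = arg == null ? 0 : arg.Length;
            for (int i = 0; i < count; i++)
            {
                // TODO: add a helper that derives the DbType from the value;
                // for now every value is bound as DbType.String.
                db.AddInParameter(cmd, "@a" + i, DbType.String, arg[i]);
            }

            return db.ExecuteDataSet(cmd);
        }
        catch
        {
            // NOTE(review): every failure is reduced to a null return and nothing is logged,
            // so a rejected or malformed query is invisible to the caller and to monitoring.
            // Kept because callers presumably test for null — confirm before narrowing.
            return null;
        }
    }
}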