110,538
社区成员
发帖
与我相关
我的任务
分享
DataTable exdtc = xslcdata();
OleDbCommand deletecmd7 = new OleDbCommand("delete from 超卖盒子表", conn);
deletecmd7.ExecuteNonQuery();
for (int i = 0; i < exdtc.Rows.Count; i++)
{
string yz = exdtc.Rows[i][3].ToString();
string kts = exdtc.Rows[i][4].ToString();
if (yz != "")
{
OleDbCommand insertcmd7 = new OleDbCommand("insert into 超卖盒子表" +
" (盒子业种,盒子状态)" +
" values ('" + yz + "','" + kts + "')", conn);
insertcmd7.ExecuteNonQuery();
}
}
conn.Close();
break;
OleDbParameter[] parameters =
{
new OleDbParameter("@yz", exdtc.Rows[i][3].ToString()),
new OleDbParameter("@kts", exdtc.Rows[i][4].ToString())
};
OleDbCommand command = new OleDbCommand("insert into 超卖盒子表(盒子业种,盒子状态) values(@yz,@kts)", connection);
command.Parameters.AddRange(parameters);
参数化的SQL不香么?看起来也清晰明了