cmd.CommandText = "select * from t_user where name=@nm and tt=@test";
cmd.Parameters.AddWithValue("@nm","admin");
cmd.Parameters.AddWithValue("@test","t1");
SqlDataReader dr = cmd.ExecuteReader();
可以换成这样么,设置参数互换顺序
cmd.CommandText = "select * from t_user where name=@nm and tt=@test";
cmd.Parameters.AddWithValue("@test","t1");
cmd.Parameters.AddWithValue("@nm","admin");
SqlDataReader dr = cmd.ExecuteReader();
谢谢老师的回答
md.CommandText = "select * from t_user where name=@nm and tt=@test";
cmd.Parameters.AddWithValue("@nm","admin");
cmd.Parameters.AddWithValue("@test","t1");
SqlDataReader dr = cmd.ExecuteReader();
可以换成这样么,设置参数互换顺序
cmd.CommandText = "select * from t_user where name=@nm and tt=@test";
cmd.Parameters.AddWithValue("@test","t1");
cmd.Parameters.AddWithValue("@nm","admin");
SqlDataReader dr = cmd.ExecuteReader();
老师上面,两条查询,是互换了顺序,原本目标如nm"="admin",@test"="t1",以为上面条部分语句查询结果是一样的,然而,第一条等于md.CommandText = "select * from t_user where name='nm' and tt='t1'",第二条等于md.CommandText = "select * from t_user where name='t1' and tt='admin'",感觉是按照参数的顺序注入了sql查询语句中,请老师指教,哪里出错了,还是原本就是这样的用法
用法没有错。只看你发出来的代码的话,不应该有这个问题。因为AddWithValue方法显式指定了所添加参数的参数名。无论参数添加的顺序如何,赋值一定只会赋到指定的参数上。
在cmd.CommandText = "select * from t_user where name=@nm and tt=@test";
这句之后,紧跟着插入一句
cmd.Parameters.Clear();
试试看。
ado_cmd.CommandText = "select * from 检查结果 where t1=@t1 and t2=@t2"
Dim para As OleDbParameter
para = ado_cmd.CreateParameter
para.ParameterName = "@t2"
para.DbType = DbType.String
para.Value = "2"
ado_cmd.Parameters.Add(para)
para = ado_cmd.CreateParameter
para.ParameterName = "@t1"
para.DbType = DbType.String
para.Value = "1"
ado_cmd.Parameters.Add(para)
ado_cmd.ExecuteNonQuery()
ado_reader = ado_cmd.ExecuteReader
While ado_reader.Read
MsgBox(ado_reader(5))
End While
按目标是想查询ado_cmd.CommandText = "select * from 检查结果 where t1='1' and t2='2'",然而查询的结果是ado_cmd.CommandText = "select * from 检查结果 where t1='2' and t2='1'"的结果
连接数据库代码: private SqlConnection con = null; public void OpenConnection(string connectionString) { con = new SqlConnection(); con.ConnectionString = conn...
SqlConnection con = new SqlConnection("server=(local);Integrated Security=True;database=varatis"); SqlParameter[] str = new SqlParameter[]{ ... new SqlParameter("@name",SqlDbType....