110,546
社区成员
发帖
与我相关
我的任务
分享怎样把下面的非参数化查询sql查询改成参数化查询
怎样把下面的非参数化查询sql查询改成参数化查询
string sql="select * from userid.users where id='"+TextBoxName.Text+"'";
objConn=new OleDbConnection(Constant.strConn);
objCmd = new OleDbCommand(sql, objConn);
try //扑捉异常错误
{
objConn.Open();
objReader = objCmd.ExecuteReader();
while (objReader.Read())
{
strname=objReader["id"].ToString();
strpwd=objReader["pwd"].ToString();
}
objReader.Close();
}
catch
{
Response.Write ("<script defer>alert(\"数据库错误! \");</script>");
return;
}
finally
{
objConn.Close();
}
string sql="select * from userid.users where id='"+TextBoxName.Text+"'";
objConn=new OleDbConnection(Constant.strConn);
objCmd = new OleDbCommand(sql, objConn);
try //扑捉异常错误
{
objConn.Open();
objReader = objCmd.ExecuteReader();
while (objReader.Read())
{
strname=objReader["id"].ToString();
strpwd=objReader["pwd"].ToString();
}
objReader.Close();
}
catch
{
Response.Write ("<script defer>alert(\"数据库错误! \");</script>");
return;
}
finally
{
objConn.Close();
}
...全文
请发表友善的回复…
发表回复
LA003 2003-12-10
- 打赏
- 举报
见识
wjhs 2003-12-10
- 打赏
- 举报
up
wwl1981 2003-12-09
- 打赏
- 举报
string sql="select * from userid.users where id=@id";
objConn=new OleDbConnection(Constant.strConn);
objCmd = new OleDbCommand(sql, objConn);
SqlParameter pid = new SqlParameter("@id",SqlDbType.VarChar);
pid.value = TextBoxName.Text;
objCmd.Parameter.Add(pid);
try //扑捉异常错误
{
objConn.Open();
objReader = objCmd.ExecuteReader();
while (objReader.Read())
{
strname=objReader["id"].ToString();
strpwd=objReader["pwd"].ToString();
}
objReader.Close();
}
catch
{
Response.Write ("<script defer>alert(\"数据库错误! \");</script>");
return;
}
finally
{
objConn.Close();
}
objConn=new OleDbConnection(Constant.strConn);
objCmd = new OleDbCommand(sql, objConn);
SqlParameter pid = new SqlParameter("@id",SqlDbType.VarChar);
pid.value = TextBoxName.Text;
objCmd.Parameter.Add(pid);
try //扑捉异常错误
{
objConn.Open();
objReader = objCmd.ExecuteReader();
while (objReader.Read())
{
strname=objReader["id"].ToString();
strpwd=objReader["pwd"].ToString();
}
objReader.Close();
}
catch
{
Response.Write ("<script defer>alert(\"数据库错误! \");</script>");
return;
}
finally
{
objConn.Close();
}
zhpsam109 2003-12-09
- 打赏
- 举报
给你参考一下!
OleDbCommand insertCom=new OleDbCommand();
insertCom.CommandText="insert into insurance(name,specify,yearnumber,typeworkid,sumorwin) values(?,?,?,?,?) ";
insertCom.Parameters.Add(new OleDbParameter("@name",OleDbType.VarChar,100,"name"));
insertCom.Parameters.Add(new OleDbParameter("@specify",OleDbType.VarChar,100,"specify"));
insertCom.Parameters.Add(new OleDbParameter("@yearnumber",OleDbType.Integer,100,"yearnumber"));
insertCom.Parameters.Add(new OleDbParameter("@typeworkid",OleDbType.VarChar,50,"typeworkid"));
insertCom.Parameters.Add(new OleDbParameter("@sumorwin",OleDbType.VarChar,10,"sumorwin"));
insertCom.Parameters[0].Value=txtBox1.Text.Trim();
insertCom.Parameters[1].Value=txtBox2.Text.Trim();
insertCom.Parameters[2].Value=int.Parse(txtBox3.Text.Trim());
insertCom.Parameters[3].Value=typeworkid;
insertCom.Parameters[4].Value=cmBox2.Text;
insertCom.Connection=oleCon;
if(oleCon.State==System.Data.ConnectionState.Closed)
{
oleCon.Open();
}
insertCom.ExecuteNonQuery();
OleDbCommand insertCom=new OleDbCommand();
insertCom.CommandText="insert into insurance(name,specify,yearnumber,typeworkid,sumorwin) values(?,?,?,?,?) ";
insertCom.Parameters.Add(new OleDbParameter("@name",OleDbType.VarChar,100,"name"));
insertCom.Parameters.Add(new OleDbParameter("@specify",OleDbType.VarChar,100,"specify"));
insertCom.Parameters.Add(new OleDbParameter("@yearnumber",OleDbType.Integer,100,"yearnumber"));
insertCom.Parameters.Add(new OleDbParameter("@typeworkid",OleDbType.VarChar,50,"typeworkid"));
insertCom.Parameters.Add(new OleDbParameter("@sumorwin",OleDbType.VarChar,10,"sumorwin"));
insertCom.Parameters[0].Value=txtBox1.Text.Trim();
insertCom.Parameters[1].Value=txtBox2.Text.Trim();
insertCom.Parameters[2].Value=int.Parse(txtBox3.Text.Trim());
insertCom.Parameters[3].Value=typeworkid;
insertCom.Parameters[4].Value=cmBox2.Text;
insertCom.Connection=oleCon;
if(oleCon.State==System.Data.ConnectionState.Closed)
{
oleCon.Open();
}
insertCom.ExecuteNonQuery();
