2014-02-10 13 views
-3

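Assign a select statement to a variable and reuse it in other queries (ASP.NET C#)

I am working on a big query in which I reuse the same select statement 4 times, so here I want to assign some slow query results to a variable 'var_sql', so that I can use them again in other queries.

For example: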

string var_sql = "select Session_Id from sessions where UserId='" 
       + Session["userid"].ToString() + "'"; 

SqlCommand command 
= new SqlCommand("Select distinct right(start_time,7) as st_time, right(end_time,7) as ed_time from Session_Info where CourseName = '" 
+ coursename.SelectedValue 
+ "' and Session_Id not in (select Session_Id from sessions where UserId='" 
+ Session["userid"].ToString() + "') and start_time not in (select start_time from Session_Info where Convert(varchar,start_time, 108) between (select right(start_time,7) from Session_Info where Session_Id in (var_sql)) and (select right(dateadd(minute,-1,end_time),7) from Session_Info where Session_Id in (var_sql))) and end_time not in (select end_time from Session_Info where Convert(varchar,end_time, 108) between (select right(dateadd(minute,+1,start_time),7) from Session_Info where Session_Id in (var_sql)) and (select right(end_time,7) from Session_Info where Session_Id in (var_sql))) ", 
connection); 

See, I used the same var_sql in four places. I have tried it like this, but it is not working properly. Can anyone help me?

+0

In what way is it not working properly? – JLRishe

+0

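Please explain what the problem is. "It is not working properly" does not tell us what you expect or how you want the code to work. Provide the part of the code where you suspect the problem is. In the second query, in place of (@select_ID), in place of – semao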

+0

I want to use the assigned variable (var_sql) there. – user3273950

Answers

1

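You should not use string concatenation to create queries, because it is prone to SQL injection (see explanation). Also have a look at this, so that you will not forget it next time. Funny things stick in the mind better than anything else.

Fun aside, you should completely redesign your query and form the command using SqlParameter. See how to use parameters here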

using (SqlCommand command = new SqlCommand("SELECT * FROM Dogs1 WHERE Name LIKE @Name", connection)) 
{ 
    command.Parameters.Add(new SqlParameter("Name", dogName)); 
    //...do your stuff with command 
} 

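Since you have not stated the requirements, it is not possible to give a suggestion on how to redesign the query, but you should try joining the table to itself on Session_Id.

Edit:

This is definitely not the right way to do it (see my earlier comments for why), but it seems you do not want to redesign anything. As I already said in the comments, you need to use var_sql outside the double quotes (""), so that the content of var_sql is added to the query rather than the name of the variable itself.

Here goes: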

string var_sql = "select Session_Id from sessions where UserId='" 
       + Session["userid"].ToString() + "'"; 
SqlCommand command 
= new SqlCommand("Select distinct right(start_time,7) as st_time, right(end_time,7) as ed_time from Session_Info where CourseName = '" 
+ coursename.SelectedValue 
+ "' and Session_Id not in (select Session_Id from sessions where UserId='" 
+ Session["userid"].ToString() + "') and start_time not in (select start_time from Session_Info where Convert(varchar,start_time, 108) between (select right(start_time,7) from Session_Info where Session_Id in (" + var_sql + ")) and (select right(dateadd(minute,-1,end_time),7) from Session_Info where Session_Id in (" + var_sql + "))) and end_time not in (select end_time from Session_Info where Convert(varchar,end_time, 108) between (select right(dateadd(minute,+1,start_time),7) from Session_Info where Session_Id in (" + var_sql + ")) and (select right(end_time,7) from Session_Info where Session_Id in (" + var_sql + "))) ", 
connection); 

+1

This is good advice, but it is not what was asked. – jomsk1e

+0

The query is poorly designed, and that is where the problem comes from. I suggest redesigning the query itself and using 'SqlParameters' as well –

+0

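Your edited answer is much better than the answer you first posted, which I commented on. Anyway, comments are meant to improve the answers here. :) – jomsk1e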
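
The parameterized form of the question's query, as an added example (not code from the question or from either answer): the repeated Session_Id subquery is written once as a CTE and reused by name, and both values are bound as parameters. The class name BatchTimingQuery, the method Load and the CTE name user_sessions are assumptions made for illustration; the query logic is kept as the question wrote it.

```csharp
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper class; table and column names are the ones in the question.
public static class BatchTimingQuery
{
    // The user's Session_Id subquery is written once as a CTE and reused by name.
    // @UserId and @CourseName are placeholders: their values are sent as data,
    // so a quote inside either one cannot change the statement.
    private const string Sql = @"
WITH user_sessions AS (
    SELECT Session_Id FROM sessions WHERE UserId = @UserId
)
SELECT DISTINCT RIGHT(start_time, 7) AS st_time, RIGHT(end_time, 7) AS ed_time
FROM Session_Info
WHERE CourseName = @CourseName
  AND Session_Id NOT IN (SELECT Session_Id FROM user_sessions)
  AND start_time NOT IN (
        SELECT start_time FROM Session_Info
        WHERE CONVERT(varchar, start_time, 108) BETWEEN
            (SELECT RIGHT(start_time, 7) FROM Session_Info
              WHERE Session_Id IN (SELECT Session_Id FROM user_sessions))
        AND (SELECT RIGHT(DATEADD(minute, -1, end_time), 7) FROM Session_Info
              WHERE Session_Id IN (SELECT Session_Id FROM user_sessions)))
  AND end_time NOT IN (
        SELECT end_time FROM Session_Info
        WHERE CONVERT(varchar, end_time, 108) BETWEEN
            (SELECT RIGHT(DATEADD(minute, +1, start_time), 7) FROM Session_Info
              WHERE Session_Id IN (SELECT Session_Id FROM user_sessions))
        AND (SELECT RIGHT(end_time, 7) FROM Session_Info
              WHERE Session_Id IN (SELECT Session_Id FROM user_sessions)))";

    public static DataTable Load(string connectionString, string userId, string courseName)
    {
        var table = new DataTable();
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(Sql, connection))
        using (var adapter = new SqlDataAdapter(command))
        {
            // Types and sizes follow the b_timing procedure shown on this page.
            command.Parameters.Add("@UserId", SqlDbType.NVarChar, 70).Value = userId;
            command.Parameters.Add("@CourseName", SqlDbType.VarChar, -1).Value = courseName;
            adapter.Fill(table); // Fill opens and closes the connection itself
        }
        return table;
    }
}
```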

0

Thanks a lot for all the replies, especially to kaspars Ozols. As you said, I have redesigned my query and used a stored procedure like this.

create procedure b_timing
(
@UserId nvarchar(70),
@CourseName varchar(max)
)
as
begin
declare @select_ID varchar(50)
-- This assignment keeps a single Session_Id, even when the user has several rows in sessions
select @select_ID = Session_Id from sessions where UserId=@UserId
Select distinct right(start_time,7) as st_time, right(end_time,7) as ed_time from Session_Info
where CourseName = @CourseName and Session_Id not in (@select_ID)
and start_time not in (select start_time from Session_Info where Convert(varchar,start_time, 108) between (select right(start_time,7) from Session_Info where Session_Id in (@select_ID)) and (select right(dateadd(minute,-1,end_time),7) from Session_Info where Session_Id in (@select_ID)))
and end_time not in (select end_time from Session_Info where Convert(varchar,end_time, 108) between (select right(dateadd(minute,+1,start_time),7) from Session_Info where Session_Id in (@select_ID)) and (select right(end_time,7) from Session_Info where Session_Id in (@select_ID)))
end

and called it in ASP.NET C# like this

// Requires: using System.Data; using System.Data.SqlClient;
DataTable dt = new DataTable();
// using blocks dispose the connection, command and adapter even if Fill throws
using (SqlConnection connection = new SqlConnection(strcon))
using (SqlCommand command = new SqlCommand("b_timing", connection))
using (SqlDataAdapter da = new SqlDataAdapter(command))
{
    command.CommandType = CommandType.StoredProcedure;
    // Both values are passed as parameters, not concatenated into SQL text
    command.Parameters.AddWithValue("@UserId", Session["userid"].ToString());
    command.Parameters.AddWithValue("@CourseName", coursename.SelectedValue);
    da.Fill(dt); // Fill opens and closes the connection itself
}
// Computed column that joins the two times into the text shown in the list
dt.Columns.Add("timing", typeof(string), "st_time+' '+'To'+' '+ed_time");

if (dt.Rows.Count > 0)
{
    timing.DataSource = dt;
    timing.DataTextField = "timing";
    timing.DataValueField = "timing";
    timing.DataBind();
    timing.Items.Insert(0, new ListItem("Choose Batch Timing", "0"));
    timing.Visible = true;
    timing.Focus();
}

This is working fine now.