I want to write all of my insert, select and delete queries in Visual Studio, but I don't know how to write them. How do I write SQL queries in Visual Studio?
SqlConnection con = new SqlConnection("Data Source=5CG50749V3\\SQLEXPRESS;Initial Catalog=test;Integrated Security=True");
con.Open();
SqlCommand cmd = new SqlCommand("INSERT INTO backup(Option,EquipmentID,SerialNumber,Description,Location,DueDate,DaytoDue,EquipmentWithdraworRemarks,NCRorOOTHistory,LastOOTissuanceDate,AvailableinSapphire,ResponsiblePerson,CalibrationOption,CalibrationSourceorLab,YearofManufacturing,ManufacturerorVendor,CalibrationCost,AssetNo,CalibrationTAT,SendInDate,Status), SELECT * FROM Equipment where (SerialNumber = '" + TextBox2.Text + "' or EquipmentID = '" + TextBox1.Text + "'), DELETE FROM Equipment where (SerialNumber = '" + TextBox2.Text + "' or EquipmentID = '" + TextBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
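Use parameters, please...
[SQL Injection alert](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - you should **not** concatenate your SQL statements - use **parameterized queries** instead to avoid SQL injection
Use **Entity Framework** instead, and you won't have to write the SQL yourself anymore!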
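
The parameterized form the comments recommend, applied to the question's three statements, as an added example that is not part of the original post or its comments. The class and method names, the `NVarChar(50)` parameter types and the assumption that `Equipment`'s columns line up with the `backup` column list are illustrative; `backup` and `Option` are bracketed because both are reserved words in T-SQL.

```csharp
using System.Data;
using System.Data.SqlClient;

public static class EquipmentArchiver   // hypothetical helper, not from the question
{
    // Constant SQL text: the two statements are separated by semicolons and the
    // user's values appear only as @parameters, never as part of the string.
    private const string Sql = @"
INSERT INTO [backup] ([Option], EquipmentID, SerialNumber, Description, Location,
    DueDate, DaytoDue, EquipmentWithdraworRemarks, NCRorOOTHistory,
    LastOOTissuanceDate, AvailableinSapphire, ResponsiblePerson, CalibrationOption,
    CalibrationSourceorLab, YearofManufacturing, ManufacturerorVendor,
    CalibrationCost, AssetNo, CalibrationTAT, SendInDate, Status)
SELECT * FROM Equipment   -- assumes the same columns in the same order
WHERE SerialNumber = @serial OR EquipmentID = @equipId;

DELETE FROM Equipment
WHERE SerialNumber = @serial OR EquipmentID = @equipId;";

    // Returns rows inserted plus rows deleted.
    public static int ArchiveAndDelete(string connectionString,
                                       string serialNumber, string equipmentId)
    {
        using (var con = new SqlConnection(connectionString))
        {
            con.Open();
            // One transaction, so a failed DELETE cannot leave a copied row behind.
            // Disposing an uncommitted SqlTransaction rolls it back.
            using (SqlTransaction tx = con.BeginTransaction())
            using (var cmd = new SqlCommand(Sql, con, tx))
            {
                // Typed parameters (type and length are assumptions): input such as
                // "x' OR '1'='1" is compared as a literal value, not parsed as SQL.
                cmd.Parameters.Add("@serial", SqlDbType.NVarChar, 50).Value = serialNumber;
                cmd.Parameters.Add("@equipId", SqlDbType.NVarChar, 50).Value = equipmentId;

                int affected = cmd.ExecuteNonQuery();
                tx.Commit();
                return affected;
            }
        }
    }
}
```

From the page's code-behind this would be called as `EquipmentArchiver.ArchiveAndDelete(connectionString, TextBox2.Text, TextBox1.Text)`.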