如何在使用時向SQL添加參數

Question

鑑於此C＃代碼片段，如何在SQL查詢中使用C＃變量？我明白做這件事的最好方法是使用「參數」，我已經看了很多例子，但到目前爲止我不能「把它放在一起」。

... 
using MySql.Data.MySqlClient; 

     public partial class Form1 : Form 
     { 
      private string server; 
      private string database; 
      private string uid; 
      private string password; 
      private MySqlConnection connection; 

      public Form1() 
      { 
       InitializeComponent(); 
      } 

      private void Form1_Load(object sender, EventArgs e) 
      { 

       webBrowser1.Navigate("127.0.0.1/box3.php"); 

       server = "localhost"; 
       database = "realestate_db"; 
       uid = "root"; 
       password = ""; 
       string connectionString; 
       connectionString = "SERVER=" + server + ";" + "DATABASE=" + database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";"; 

       connection = new MySqlConnection(connectionString); 
       connection.Open(); 
       MySqlDataAdapter mySqlDataAdapter; 
       mySqlDataAdapter = new MySqlDataAdapter("SELECT `ID`, `lat` , `long` FROM `house` ", connection); // want to uses a C# variable in this SQL query 

       DataSet DS = new DataSet(); 
       mySqlDataAdapter.Fill(DS); 
       dataGridView1.DataSource = DS.Tables[0]; 

      } 
    ....  

Thanks. 

Answer 1

從MySqlDataAdapter

public static MySqlDataAdapter CreateCustomerAdapter(MySqlConnection conn) 
    { 
    MySqlDataAdapter da = new MySqlDataAdapter(); 
    MySqlCommand cmd; 
    MySqlParameter parm; 
    // Create the SelectCommand. 
    cmd = new MySqlCommand("SELECT * FROM mytable WHERE id=?id AND name=?name", conn); 
    cmd.Parameters.Add("?id", MySqlDbType.VarChar, 15); 
    cmd.Parameters.Add("?name", MySqlDbType.VarChar, 15); 
    da.SelectCommand = cmd; 
    // Create the InsertCommand. 
    cmd = new MySqlCommand("INSERT INTO mytable (id,name) VALUES (?id,?name)", conn); 
    cmd.Parameters.Add("?id", MySqlDbType.VarChar, 15, "id"); 
    cmd.Parameters.Add("?name", MySqlDbType.VarChar, 15, "name"); 

    da.InsertCommand = cmd; 
    return da; 
    } 

Answer 2

這是一個很常見的問題的重複，我使用的代碼複製，並從另一篇文章中描述粘貼，鏈接在這裏Creating and then working with parameters in queries。您可以在dataadapter Select命令或add方法上使用addWithValue方法。

da = new MySqlDataAdapter("SELECT `ID`, `lat` , `long` FROM `house` where `ID` = ?ID", connection); 
// As most are suggesting Create the parameters with the Add Method, Passing the MySqlDbType 
da.SelectCommand.Parameters.Add("?ID",MySqlDbType.Int32).Value = ID; 
// Can also Use AddWithValue Method as well 
da.SelectCommand.Parameters.AddWithValue("?ID",<Your Variable>); 

Answer 3

首先，抽象的所有數據訪問出它自己的類或組件：

public class DAL 
{ 

    private string server = "localhost"; 
    private string database = "realestate_db"; 
    private string uid = "root"; 
    private string password = ""; 
    private string connectionString = "SERVER=" + server + ";" + "DATABASE=" + database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";"; 

    public DataSet GetHouse(int ID) 
    { 
     //... 
    } 
} 

然後您現有的代碼將調用這個方法：

public DataSet GetHouse(int ID) 
{ 
    string sql = "SELECT `ID`, `lat` , `long` FROM `house` WHERE ID= ?ID "; 
    DataSet result = new DataSet(); 

    using (var cn = new MySqlConnection(connectionString)) 
    using (var cmd = new MySqlCommand(sql, cn)) 
    using (var da = new MySqlDataAdapter(cmd)) 
    { 
     cmd.Parameters.Add("?ID", MySqlDbType.Int32).Value = ID; 

     da.Fill(result); 
    } 
    return result; 
}