2017-10-05 66 views
-1

I have been looking at parameterized query questions and cannot find an example that uses SqlDataReader together with a parameterized query to populate a dropdown list. How do I use a parameterized query with SqlDataReader in C#?

I can populate my dropdown just fine with my code here:

if (!this.IsPostBack)
{
    using (SqlConnection con = new SqlConnection(SQLConnectionString))
    {
        System.Data.SqlClient.SqlCommand go = new System.Data.SqlClient.SqlCommand();

        con.Open();
        go.Connection = con;
        go.CommandText = "SELECT InsuredID, FirstName, LastName FROM [Lab2].[dbo].[INSURED]";
        go.ExecuteNonQuery();

        SqlDataReader readIn = go.ExecuteReader();

        while (readIn.Read())
        {
            ddlHomeInsuredID.Items.Add(
                new ListItem(readIn["InsuredID"].ToString() + " : " + readIn["FirstName"].ToString()
                + " " + readIn["LastName"].ToString()));
        }

        con.Close();

        ddlHomeInsuredID.Items.Insert(0, new ListItem("--Select InsuredID--", "0"));
    }
}

However, I want to make this select statement parameterized. How can I do that? I am comfortable with parameterized insert statements, as shown below:

using (SqlConnection connection = new SqlConnection(SQLConnectionString))
{
    SqlCommand command = new SqlCommand();
    command.Connection = connection;
    command.CommandType = System.Data.CommandType.Text;

    command.CommandText = @"INSERT INTO [Lab2].[dbo].[INSURED] ([FirstName], [LastName], [MI], [DateOfBirth],
        [CreditScore], [AddressID], [DriversLicenseNumber], [LastUpdatedBy], [LastUpdated]) VALUES
        (@firstName, @lastName, @middleInitial, @dateOfBirth, @creditScore, @addressID,
        @driversLicenseNumber, @lastUpdatedBy, @lastUpdated)";

    command.Parameters.Add("@firstName", SqlDbType.VarChar, 20).Value = Insured.insuredArr[j].getFirstName();
    command.Parameters.Add("@lastName", SqlDbType.VarChar, 30).Value = Insured.insuredArr[j].getLastName();
    command.Parameters.Add("@middleInitial", SqlDbType.Char, 1).Value = Insured.insuredArr[j].getMiddleInitial();
    command.Parameters.Add("@dateOfBirth", SqlDbType.VarChar, 30).Value = Insured.insuredArr[j].getDateOfBirth();
    command.Parameters.Add("@creditScore", SqlDbType.Int).Value = Insured.insuredArr[j].getCreditScore();
    command.Parameters.Add("@addressID", SqlDbType.Int).Value = Insured.insuredArr[j].getAddressID();
    command.Parameters.Add("@driversLicenseNumber", SqlDbType.VarChar, 30).Value = Insured.insuredArr[j].getDriversLicenseNumber();
    command.Parameters.Add("@lastUpdatedBy", SqlDbType.VarChar, 20).Value = Insured.insuredArr[j].getLastUpdatedBy();
    command.Parameters.Add("@lastUpdated", SqlDbType.Date).Value = Insured.insuredArr[j].getLastUpdated();

    connection.Open();
    command.ExecuteNonQuery();
    connection.Close();
}

MsgBox("Record(s) inserted into database", this.Page, this); 

So, how can I make the first query look like the second example?

Thanks

nammrick

+0

I'm not sure, but I could probably work it out, and so could a Google search for you... are you sure you should have 'go.ExecuteNonQuery();' in there? I don't think it does anything in this context. –

+0

Here is an example under "Executing SQL Query with Filter Criteria": https://www.aspsnippets.com/Articles/Parameterized-Queries-ADO.Net.aspx –

+0

Yes, it executes the select statement – nammrick

Answer

4

First, the ExecuteNonQuery() method is not valid usage for a SELECT query; just stick with ExecuteReader(), since you want to return query results. Here is the usage description of the ExecuteNonQuery method:

You can use ExecuteNonQuery to perform catalog operations (for example, querying the structure of a database or creating database objects such as tables), or to change the data in a database without using a DataSet by executing UPDATE, INSERT, or DELETE statements.

The modified query flow should look like this:

using (SqlConnection con = new SqlConnection(SQLConnectionString))
{
    SqlCommand go = new SqlCommand();

    con.Open();
    go.Connection = con;
    go.CommandText = "SELECT InsuredID, FirstName, LastName FROM [Lab2].[dbo].[INSURED]";

    SqlDataReader readIn = go.ExecuteReader();
    while (readIn.Read())
    {
        // reading data from reader
    }

    con.Close();

    // other stuff
}

If you want to use a parameterized query for a SELECT statement, you need at least one column (and one parameter name) included in the WHERE clause (see the example below):

SELECT InsuredID, FirstName, LastName FROM [Lab2].[dbo].[INSURED] WHERE InsuredID = @InsuredID 

Then you can use SqlParameter to pass the parameter value into the query above:

using (SqlConnection con = new SqlConnection(SQLConnectionString))
{
    System.Data.SqlClient.SqlCommand go = new System.Data.SqlClient.SqlCommand();

    con.Open();
    go.Connection = con;
    go.CommandText = "SELECT InsuredID, FirstName, LastName FROM [Lab2].[dbo].[INSURED] WHERE InsuredID = @InsuredID";
    go.Parameters.Add("@InsuredID", SqlDbType.Int).Value = 1; // example value for parameter passing

    SqlDataReader readIn = go.ExecuteReader();
    while (readIn.Read())
    {
        // reading data from reader
    }

    con.Close();

    // other stuff
}

Note: avoid performing INSERT/UPDATE/DELETE operations on the same active connection while a SELECT statement is populating data at the same time; the previous connection should be closed before another query is executed.

More examples:

How to use string variable in sql statement

How to use sql parameters for a select query?
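Putting the answer together with the question's dropdown code, here is an added example (not the original poster's or answerer's code) that fills the dropdown from a parameterized SELECT. It goes one step beyond the answer's `WHERE InsuredID = @InsuredID` by filtering on a user-supplied last-name prefix with LIKE, which is the case where concatenation is most tempting and most dangerous. It assumes the [Lab2].[dbo].[INSURED] table and column types from the question's INSERT (LastName VarChar(30), InsuredID int), an ASP.NET WebForms DropDownList, and a connection string held in `SQLConnectionString`; the class and method names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI.WebControls;

// Added example, not code from the original page. Assumes the INSURED table
// from the question and an ASP.NET DropDownList such as ddlHomeInsuredID.
public static class InsuredLookup
{
    // Shown only for contrast: the filter value is pasted into the SQL text.
    // A prefix of  x' OR 1=1 --  turns this into a query that returns every row.
    public static string UnsafeQueryText(string lastNamePrefix)
    {
        return "SELECT InsuredID, FirstName, LastName FROM [Lab2].[dbo].[INSURED] "
             + "WHERE LastName LIKE '" + lastNamePrefix + "%'";
    }

    // LIKE wildcards are not an injection risk once the value is a parameter,
    // but a user typing "%" would still match everything; escape them so the
    // prefix is matched literally. Square brackets escape %, _ and [ in T-SQL.
    public static string EscapeLike(string value)
    {
        return value.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
    }

    // Parameterized version: the SQL text never changes, the value travels separately.
    public static int PopulateInsured(DropDownList ddl, string connectionString, string lastNamePrefix)
    {
        const string sql =
            "SELECT InsuredID, FirstName, LastName " +
            "FROM [Lab2].[dbo].[INSURED] " +
            "WHERE LastName LIKE @prefix + '%' " +   // concatenation happens inside SQL Server, on a parameter
            "ORDER BY LastName, FirstName";

        ddl.Items.Clear();
        ddl.Items.Add(new ListItem("--Select InsuredID--", "0"));
        int rows = 0;

        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, con))
        {
            // Declared type and length match the column (VarChar(30) in the question's INSERT),
            // so one cached plan is reused for every prefix instead of one plan per input length.
            cmd.Parameters.Add("@prefix", SqlDbType.VarChar, 30).Value = EscapeLike(lastNamePrefix ?? string.Empty);

            con.Open();
            // ExecuteReader only; no ExecuteNonQuery round-trip for a SELECT.
            using (SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.CloseConnection))
            {
                int idOrdinal = reader.GetOrdinal("InsuredID");
                int firstOrdinal = reader.GetOrdinal("FirstName");
                int lastOrdinal = reader.GetOrdinal("LastName");

                while (reader.Read())
                {
                    int id = reader.GetInt32(idOrdinal);
                    string first = reader.IsDBNull(firstOrdinal) ? "" : reader.GetString(firstOrdinal);
                    string last = reader.IsDBNull(lastOrdinal) ? "" : reader.GetString(lastOrdinal);

                    // Keep the numeric ID as the ListItem value so the postback carries an
                    // integer the server can bind to @InsuredID, not the display text.
                    ddl.Items.Add(new ListItem(id + " : " + first + " " + last, id.ToString()));
                    rows++;
                }
            }   // CloseConnection behaviour closes con when the reader is disposed
        }
        return rows;
    }
}

// Usage from Page_Load (assumed page members):
//   if (!IsPostBack)
//       InsuredLookup.PopulateInsured(ddlHomeInsuredID, SQLConnectionString, txtLastName.Text);
```

The `using` blocks replace the explicit `con.Close()` calls from the question so the connection and reader are released even when `ExecuteReader` throws; the method returns the row count so the caller can tell an empty result from a failed load.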