SqlParameter 参数化查询,参数无法替换,求助,谢谢。
using System;using System.Collections.Generic;
using System.Configuration;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Linq;
using System.Text;
using System.Data;
using System.Data.Common;
using System.Windows.Forms;
namespace WMS
{
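/// <summary>
/// Data-access helper for the WMS application's <c>userinfo</c> table.
/// </summary>
/// <remarks>
/// Every query here is a parameterized <see cref="SqlCommand"/>. The command text and the
/// parameter values are handed to the provider separately; <c>CommandText</c> is never
/// rewritten with the values, so a placeholder such as <c>@name</c> stays visible in it
/// after the parameters are added. That separation is what keeps a caller-supplied value
/// from being interpreted as SQL.
/// </remarks>
class Access
{
    // NOTE(review): this is a public, mutable static. A connection string commonly carries
    // credentials, so consider narrowing its visibility; left public here because code
    // outside this class may read it.
    public static string connStr = ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString;

    // Starts as the application's base directory; dataDirDeclare() may move it to the project root.
    public static string dataDir = AppDomain.CurrentDomain.BaseDirectory;

    /// <summary>
    /// When the application runs from a <c>bin\Debug\</c> or <c>bin\Release\</c> output folder,
    /// points <see cref="dataDir"/> and the AppDomain "DataDirectory" value at the folder two
    /// levels above it.
    /// </summary>
    public static void dataDirDeclare()
    {
        // Visual Studio names its output folders "Debug" and "Release" with a capital letter,
        // so the comparison has to ignore case; Ordinal keeps it independent of the UI culture.
        bool runningFromBuildOutput =
            dataDir.EndsWith(@"\bin\debug\", StringComparison.OrdinalIgnoreCase) ||
            dataDir.EndsWith(@"\bin\release\", StringComparison.OrdinalIgnoreCase);

        if (runningFromBuildOutput)
        {
            dataDir = System.IO.Directory.GetParent(dataDir).Parent.Parent.FullName;
            // Presumably lets a |DataDirectory| token in the connection string resolve to
            // the project folder; confirm against the ConStr entry in the config file.
            AppDomain.CurrentDomain.SetData("DataDirectory", dataDir);
        }
    }

    /// <summary>
    /// Creates the helper and applies the data-directory adjustment.
    /// </summary>
    public Access()
    {
        dataDirDeclare();
    }

    /// <summary>
    /// Looks up the <c>username</c> stored for a user id.
    /// </summary>
    /// <param name="userid">Value matched against <c>userinfo.userid</c>.</param>
    /// <returns>The user name, or an empty string when no row matches or <paramref name="userid"/> is null.</returns>
    public string getName(string userid)
    {
        // A null value makes SqlClient omit the parameter and the command fail; answer it the
        // same way as an unknown id instead.
        if (userid == null)
        {
            return string.Empty;
        }

        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();
            using (SqlCommand comm = conn.CreateCommand())
            {
                comm.CommandText = @"select username from userinfo where userid = @name ";
                // SqlClient accepts the name without the leading "@" and binds it to @name.
                comm.Parameters.Add(new SqlParameter("name", userid));
                // ExecuteScalar yields the first column of the first row, or null when there
                // is no row; Convert.ToString turns that null into "".
                return Convert.ToString(comm.ExecuteScalar());
            }
        }
    }

    /// <summary>
    /// Checks whether a <c>userinfo</c> row exists with the given user id and password.
    /// </summary>
    /// <param name="name">Value matched against <c>userinfo.userid</c>.</param>
    /// <param name="password">Value matched against <c>userinfo.password</c>.</param>
    /// <returns><c>true</c> when at least one row matches; otherwise <c>false</c>.</returns>
    public bool login(string name, string password)
    {
        // Fail closed: a missing credential is a failed login, not a provider exception.
        if (name == null || password == null)
        {
            return false;
        }

        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();
            using (SqlCommand comm = conn.CreateCommand())
            {
                // NOTE(review): the supplied password is compared directly with the stored
                // column. Unless callers already pass a hash, this means the table holds
                // passwords in recoverable form; a salted password hash (for example PBKDF2
                // via Rfc2898DeriveBytes) verified in code would avoid that.
                comm.CommandText = @"select count(*) from userinfo where userid = @name and password = @password";
                comm.Parameters.Add(new SqlParameter("name", name));
                comm.Parameters.Add(new SqlParameter("password", password));
                return Convert.ToInt32(comm.ExecuteScalar()) != 0;
            }
        }
    }

    /// <summary>
    /// Runs a fixed lookup against <c>userinfo</c>; the result is discarded.
    /// </summary>
    /// <param name="sql">Currently unused.</param>
    /// <param name="s">Currently unused.</param>
    /// <returns>Always <c>false</c>.</returns>
    public bool querySql(string sql, params string[] s)
    {
        // NOTE(review): this reads as a debugging stub. It ignores both arguments, embeds a
        // user id and password in source, and never sets the flag. If it is later wired to
        // run `sql`, callers must pass constant statement text only and supply every value
        // through parameters.
        bool flag = false;
        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();
            using (SqlCommand comm = conn.CreateCommand())
            {
                comm.CommandText = @"select userid,password from userinfo where userid = @userid and password = @password ";
                comm.Parameters.Add(new SqlParameter("userid", "wj"));
                comm.Parameters.Add(new SqlParameter("password", "111111"));
                // ExecuteScalar returns only the first column of the first row (userid here);
                // the password column in the select list is never read. CommandText still
                // shows @userid and @password afterwards because the values are bound, not
                // substituted into the text.
                string userid = (string)comm.ExecuteScalar();
            }
        }
        return flag;
    }
}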
}
------------------------
这个类里面的函数 getName()、login() 在调用时参数 @ 都可以替换,但是函数 querySql() 在调用时参数死活都不替换,
请求帮忙解决,谢谢,非常感谢 --------------------编程问答-------------------- public bool querySql(string sql,params string[] s )
{
bool flag = false;
using (SqlConnection conn = new SqlConnection(connStr))
{
conn.Open();
using (SqlCommand comm = conn.CreateCommand())
{
comm.CommandText = @"select userid,password from userinfo where userid = @userid and password = @password ";
comm.Parameters.Add(new SqlParameter("userid", "wj"));
comm.Parameters.Add(new SqlParameter("password", "111111"));
string userid = (string) comm.ExecuteScalar();
}
}
return flag;
} 就是这个函数。请帮忙分析分析 --------------------编程问答-------------------- 参数使用有很多方法的..甚至你用linq 连参数都省了.
系统报什么错? --------------------编程问答-------------------- ExecuteScalar 只能返回单行,单列的值。
select userid
comm.Parameters.AddWithValue("@userid", "wj");
comm.Parameters.AddWithValue("@password", "111111");
--------------------编程问答-------------------- 非常感谢, --------------------编程问答--------------------
字段加"[]",好习惯啊 --------------------编程问答--------------------
oyeah 就是没有写@
--------------------编程问答-------------------- 学习一下
补充:.NET技术 , C#