C# 在以下两个示例中参数化SQL查询
在下面这样的情况下,您将如何参数化SQL查询,特别是当插入预订实际发生在不同的方法中时C# 在以下两个示例中参数化SQL查询,c#,mysql,parameters,C#,Mysql,Parameters,在下面这样的情况下,您将如何参数化SQL查询,特别是当插入预订实际发生在不同的方法中时 // situation 1 for (var i = 0; i < bidList.Count; i++) { var position = i + 1; bidList[i].Position = position.ToString(); query = "UPDATE bid SET position='" + position + "' WHER
// situation 1
for (var i = 0; i < bidList.Count; i++)
{
var position = i + 1;
bidList[i].Position = position.ToString();
query = "UPDATE bid SET position='" + position + "' WHERE status='queued' AND postcode='" + _plot +
"' AND operator_id='" + bidList[i].OperatorId + "';";
dbObject.InsertBooking(query);
}
// situation 2
foreach (BidList t in bidList)
{
query = "SELECT operator_id, plot_id, status FROM booking " +
"WHERE status='open' AND postcode='" + _plot + "' AND operator_id='0'" +
"ORDER BY datetime ASC;" +
"UPDATE booking SET operator_id='" + t.OperatorId + "', status='allocated' " +
"WHERE (plot_id=" + t.PlotId + " AND operator_id='0' AND status='open') LIMIT 1;";
dbObject.InsertBooking(query);
}
// insert booking query
public void InsertBooking(string query)
{
try
{
OpenConnection();
// Create mysql command
var cmd = new MySqlCommand();
// Assign the query using CommandText
cmd.CommandText = query;
// Assign the connection using Connection
cmd.Connection = _connection;
// Execute query
cmd.ExecuteNonQuery();
CloseConnection();
}
catch (SystemException ex)
{
MessageBox.Show(ex.ToString(), "Error", MessageBoxButton.OK, MessageBoxImage.Error);
}
}
用那种方法,你不能。有一个单独的方法,可以传递带有参数的SqlCommand对象,也可以创建一个方法来接受查询字符串和参数集合。然后构建您的命令并在方法中将参数附加到该命令。确定有意义-我决定这样做:。你怎么认为?