
C#: Passing a value dynamically inside a query?

Tags: c#, sql

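My table Table1 has two columns, syntax and query. The syntax column contains a value called po, and the query column contains select * from po_pomas_pur_order_hdr where pomas_pono =. I retrieve the query value by using: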

SqlDataAdapter da = new SqlDataAdapter("select query from Table1 where syntax = '" + textBox1.Text + "'", conn);

My problem is that I need to dynamically pass another value into the query that I retrieved with the data adapter, like this:

 SqlDataAdapter da1 = new SqlDataAdapter(da.tostring()  +"'"+ textBox1.Text +"'", conn)

The resulting query should look like this:

 select * from po_pomas_pur_order_hdr where pomas_pono = '2PO/000002/09-10'

But this is not possible. How can I get a query like this? Any suggestions?

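This is safer:

It checks the quote characters, checks the field types, and so on.

The code in the example above is the same for INSERT, DELETE and UPDATE: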

using (SqlCommand command = new SqlCommand("SELECT * FROM Dogs1 WHERE Name LIKE @Name", connection))
{
    //
    // Add new SqlParameter to the command.
    //
    command.Parameters.Add(new SqlParameter("Name", dogName));
    //
    // Read in the SELECT results.
    //
    SqlDataReader reader = command.ExecuteReader();
    while (reader.Read())
    {
        int weight = reader.GetInt32(0);
        string name = reader.GetString(1);
        string breed = reader.GetString(2);
        Console.WriteLine("Weight = {0}, Name = {1}, Breed = {2}", weight, name, breed);
    }
}

I suggest you use this. The example shows how to use a DataAdapter with parameters.

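SqlDataAdapter is used to fill DataSets and DataTables. You cannot get the result of a query with ToString. I think you want to use a SqlCommand to execute your first query, to retrieve the actual query to run from the database, like this: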

string query = null;
using (var command = new SqlCommand("select query from Table1 where syntax = @Syntax", conn))
{
    command.Parameters.AddWithValue("@Syntax", textBox1.Text);
    // ExecuteScalar returns object, so cast it; this assumes only one query result is returned
    query = (string)command.ExecuteScalar();
}

Then you can use the data adapter to fill it:

SqlDataAdapter da1 = new SqlDataAdapter(query  +"'"+ textBox1.Text +"'", conn);

Although I would recommend using parameters too.

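Provided you have a DataSet that you want to fill using the adapter, and you have adjusted the queries to use parameters to avoid this, it looks like the following: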

string query;
using(var sqlCommand = new SqlCommand(
    "select query from Table1 where syntax=@syntax", conn))
{
    sqlCommand.Parameters.AddWithValue("syntax", textBox1.Text);
    query = (string)sqlCommand.ExecuteScalar();
}

using(var dataAdapter = new SqlDataAdapter())
using(var dataCommand = new SqlCommand(query, conn))
{
    dataCommand.Parameters.AddWithValue("parameter", poNumber);
    dataAdapter.SelectCommand = dataCommand;
    dataAdapter.Fill(myDataSet);
}
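
The two-step lookup from the answers above, written out in full as an added example (it is not code from the original question or answers). It assumes the text stored in Table1.query is changed to end in a placeholder, `... where pomas_pono = @pono`; the parameter name `@pono`, the class name `StoredQueryRunner` and the column types and sizes are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class StoredQueryRunner   // hypothetical helper, not from the page
{
    // Assumption: Table1.query is stored with a placeholder instead of a
    // dangling "=", e.g.
    //   select * from po_pomas_pur_order_hdr where pomas_pono = @pono
    const string Placeholder = "@pono";

    // Step 1: fetch the stored query text by key. conn must already be open.
    static string LoadTemplate(SqlConnection conn, string syntaxKey)
    {
        using (var cmd = new SqlCommand(
            "select query from Table1 where syntax = @syntax", conn))
        {
            // Explicit type and size (assumed) instead of AddWithValue's inference.
            cmd.Parameters.Add("@syntax", SqlDbType.NVarChar, 50).Value = syntaxKey;

            object result = cmd.ExecuteScalar();   // null if no row, DBNull if column is NULL
            if (result == null || result == DBNull.Value)
                throw new InvalidOperationException("No stored query for this key.");

            var template = (string)result;
            // Refuse a template with nothing to bind to; appending the value
            // to it would bring the concatenation problem back.
            if (template.IndexOf(Placeholder, StringComparison.OrdinalIgnoreCase) < 0)
                throw new InvalidOperationException("Stored query lacks " + Placeholder + ".");
            return template;
        }
    }

    // Step 2: run the stored query with the PO number bound as data.
    public static DataTable Run(SqlConnection conn, string syntaxKey, string poNumber)
    {
        var table = new DataTable();
        using (var cmd = new SqlCommand(LoadTemplate(conn, syntaxKey), conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            cmd.Parameters.Add(Placeholder, SqlDbType.VarChar, 30).Value = poNumber;
            adapter.Fill(table);
        }
        return table;
    }
}
```

Binding the PO number only protects the value. Whoever can write to Table1 decides which SQL runs in step 2, so write access to that table needs to be as tightly held as the application code itself.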

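I don't understand exactly what you want. The first thing is to use parameters instead of text coming directly from a possibly malicious user. As I understand it, you want to create a complex SQL query that gives the result in a single query? With a data adapter you can use: SqlDataAdapter = new SqlDataAdapter(command);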