C# 需要以下代码的动态插入查询
对于下面的代码,我在执行之前不知道listbox项,所以我需要动态查询来选择下面的代码C# 需要以下代码的动态插入查询,c#,sql,C#,Sql,对于下面的代码,我在执行之前不知道listbox项,所以我需要动态查询来选择下面的代码 string selectedTable = cmbImportItemList.Text; string col1 = opLstCsl3.Items[0].ToString(); string col2 = opLstCsl3.Items[1].ToString(); string col3 = opLstC
string selectedTable = cmbImportItemList.Text;
string col1 = opLstCsl3.Items[0].ToString();
string col2 = opLstCsl3.Items[1].ToString();
string col3 = opLstCsl3.Items[2].ToString();
string col4 = opLstCsl3.Items[3].ToString();
string col5 = opLstCsl3.Items[4].ToString();
string col6 = opLstCsl3.Items[5].ToString();
string col7 = opLstCsl3.Items[6].ToString();
string col8 = opLstCsl3.Items[7].ToString();
//string[] coll = new string[100];
//string col9 = opLstCsl3.Items[8].ToString();
//'"+col1+"','"+col2+"','"+col3+"','"+col4+"'
using (SqlDataAdapter adater = new SqlDataAdapter("Select " + col1 + "," + col2 + "," + col3 + "," + col4 + "," + col5 + "," + col6 + "," + col7 + "," + col8 + " from " + selectedTable, new SqlConnection(Properties.Settings.Default.connectionstring2)))
{
adater.Fill(dttt);
}
我已经为您的查询编写了一个存储过程,首先在数据库中执行它
CREATE PROCEDURE GetData @colName nvarchar(500) = NULL,@tableName nvarchar(50)=NULL
AS
DECLARE @sqlText nvarchar(1000);
SET @sqlText = N'SELECT ' + @colName + ' FROM ' + @tableName
Exec (@sqlText)
GO
string selectedTable = cmbImportItemList.Text;
string columns = string.Empty;
foreach (var item in pLstCsl3.Items)
{
columns += item + ',';
}
using (SqlConnection con = new SqlConnection(Properties.Settings.Default.connectionstring2)) {
con.Open();
SqlCommand cmd = new SqlCommand("GetData", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("@colName", columns));
cmd.Parameters.Add(new SqlParameter("@tableName", selectedTable));
using (SqlDataReader rdr = cmd.ExecuteReader()) {
while (rdr.Read())
{
// do what ever you want with your records.
}
}
}
湿婆你应该经常使用。这种字符串连接是开放的攻击。它将更容易使用存储过程!你能给我一些关于为同一查询编写存储过程的指导吗?如果它对你有效,请标记这是一个答案,谢谢。