C# 将select语句分配给变量并在其他查询asp.net c中重用
我正在处理大查询,因为我重复使用了4次相同的select语句,所以在这里,我想将一些较慢的查询结果设置为变量“var_sql”,以便在其他查询中再次使用它们 例如:C# 将select语句分配给变量并在其他查询asp.net c中重用,c#,asp.net,C#,Asp.net,我正在处理大查询,因为我重复使用了4次相同的select语句,所以在这里,我想将一些较慢的查询结果设置为变量“var_sql”,以便在其他查询中再次使用它们 例如: string var_sql = "select Session_Id from sessions where UserId='" + Session["userid"].ToString() + "'"; SqlCommand command = new SqlCommand("Select
string var_sql = "select Session_Id from sessions where UserId='"
+ Session["userid"].ToString() + "'";
SqlCommand command
= new SqlCommand("Select distinct right(start_time,7) as st_time, right(end_time,7) as ed_time from Session_Info where CourseName = '"
+ coursename.SelectedValue
+ "' and Session_Id not in (select Session_Id from sessions where UserId='"
+ Session["userid"].ToString() + "') and start_time not in (select start_time from Session_Info where Convert(varchar,start_time, 108) between (select right(start_time,7) from Session_Info where Session_Id in (var_sql )) and (select right(dateadd(minute,-1,end_time),7) from Session_Info where Session_Id in (var_sql ))) and end_time not in (select end_time from Session_Info where Convert(varchar,end_time, 108) between (select right(dateadd(minute,+1,start_time),7) from Session_Info where Session_Id in (var_sql )) and (select right(end_time,7) from Session_Info where Session_Id in (var_sql ))) ",
connection);
请参阅am在四个位置使用相同的var_sql。。在这里,我试过这样做,但效果不好。。有人能帮我吗?您不应该使用字符串连接来创建查询,因为它很容易被SQL注入。还可以看看,这样下次你就不会忘记了。有趣的事情总比什么都重要
有趣的是,您应该完全重新设计查询,并使用SqlParameter来形成一个命令。请参见如何使用参数
由于您并没有描述需求,所以不可能给出如何重新设计查询的建议,但您应该尝试将Session_Id表连接到自身
编辑:
这肯定不是正确的方法,看看我之前的评论为什么,但似乎你不想重新设计任何东西。正如我在评论中已经说过的,您需要在双引号之外使用var_sql,以便将var_sql的内容添加到查询中,而不是变量本身的名称
这里什么都没有:
string var_sql = "select Session_Id from sessions where UserId='"
+ Session["userid"].ToString() + "'";
SqlCommand command
= new SqlCommand("Select distinct right(start_time,7) as st_time, right(end_time,7) as ed_time from Session_Info where CourseName = '"
+ coursename.SelectedValue
+ "' and Session_Id not in (select Session_Id from sessions where UserId='"
+ Session["userid"].ToString() + "') and start_time not in (select start_time from Session_Info where Convert(varchar,start_time, 108) between (select right(start_time,7) from Session_Info where Session_Id in (" + var_sql + " )) and (select right(dateadd(minute,-1,end_time),7) from Session_Info where Session_Id in (" + var_sql + " ))) and end_time not in (select end_time from Session_Info where Convert(varchar,end_time, 108) between (select right(dateadd(minute,+1,start_time),7) from Session_Info where Session_Id in (" + var_sql + " )) and (select right(end_time,7) from Session_Info where Session_Id in (" + var_sql + " ))) ",
connection);
非常感谢您的回复。尤其是卡帕斯臭氧层。 正如你所说,我重新设计了我的查询,并使用了这样的存储过程 创建程序b_计时 在asp.net c中这样调用它
SqlConnection connection = new SqlConnection(strcon);
connection.Open();
SqlCommand command = new SqlCommand("b_timing", connection);
command.CommandType = CommandType.StoredProcedure;
command.Parameters.AddWithValue("@UserId", Session["userid"].ToString());
command.Parameters.AddWithValue("@CourseName", coursename.SelectedValue);
SqlDataAdapter da = new SqlDataAdapter(command);
da.SelectCommand = command;
DataTable dt = new DataTable();
da.Fill(dt);
dt.Columns.Add("timing", typeof(string), "st_time+' '+'To'+' '+ed_time");
if (dt.Rows.Count > 0)
{
timing.DataSource = dt;
timing.DataTextField = "timing";
timing.DataValueField = "timing";
timing.DataBind();
timing.Items.Insert(0, new ListItem("Choose Batch Timing", "0"));
timing.Visible = true;
timing.Focus();
}
它现在工作正常了在某种程度上,它工作不正常吗?请说明问题所在。它不能正常工作。我不会告诉我们您的期望/您希望代码如何工作。提供您怀疑有问题的部分代码。在第二个查询中,而不是@select\u ID。我想在那里使用分配的variablevar\u sql。我得到了一个错误,例如无效的列名“var\u sql”。这是一个很好的建议,但这不是所问的问题。查询设计糟糕,这就是问题的根源。我建议重新设计查询本身并使用SqlParameters。与我评论的第一个发布的答案相比,您编辑的答案是一个不错的选择。无论如何,评论旨在改进SO中的答案:是,我需要加入会话id表。。但我尝试过的是显示错误,比如无效的列名“var_sql”。这意味着您将var_sql放在引号中,sql server尝试解析它。您应该将其置于引号之外,以便获得正确的SQL命令。除了我在回答中所说的以外,我建议您在调试模式下检查command.command中包含的值。
@UserId nvarchar(70),
@CourseName varchar(max)
)
as
begin
declare @select_ID varchar(50)
select @select_ID = Session_Id from sessions where UserId=@UserId
Select distinct right(start_time,7) as st_time, right(end_time,7) as ed_time from Session_Info where CourseName = @CourseName and Session_Id not in (@select_ID) and start_time not in (select start_time from Session_Info where Convert(varchar,start_time, 108) between (select right(start_time,7) from Session_Info where Session_Id in (@select_ID)) and (select right(dateadd(minute,-1,end_time),7) from Session_Info where Session_Id in (@select_ID))) and end_time not in (select end_time from Session_Info where Convert(varchar,end_time, 108) between (select right(dateadd(minute,+1,start_time),7) from Session_Info where Session_Id in (@select_ID)) and (select right(end_time,7) from Session_Info where Session_Id in (@select_ID)))
end
SqlConnection connection = new SqlConnection(strcon);
connection.Open();
SqlCommand command = new SqlCommand("b_timing", connection);
command.CommandType = CommandType.StoredProcedure;
command.Parameters.AddWithValue("@UserId", Session["userid"].ToString());
command.Parameters.AddWithValue("@CourseName", coursename.SelectedValue);
SqlDataAdapter da = new SqlDataAdapter(command);
da.SelectCommand = command;
DataTable dt = new DataTable();
da.Fill(dt);
dt.Columns.Add("timing", typeof(string), "st_time+' '+'To'+' '+ed_time");
if (dt.Rows.Count > 0)
{
timing.DataSource = dt;
timing.DataTextField = "timing";
timing.DataValueField = "timing";
timing.DataBind();
timing.Items.Insert(0, new ListItem("Choose Batch Timing", "0"));
timing.Visible = true;
timing.Focus();
}