C# 将select语句分配给变量并在其他查询asp.net c中重用_C#_Asp.net - Fatal编程技术网

C# 将select语句分配给变量并在其他查询asp.net c中重用

C# 将select语句分配给变量并在其他查询asp.net c中重用,c#,asp.net,C#,Asp.net,我正在处理大查询,因为我重复使用了4次相同的select语句,所以在这里,我想将一些较慢的查询结果设置为变量“var_sql”,以便在其他查询中再次使用它们 例如: string var_sql = "select Session_Id from sessions where UserId='" + Session["userid"].ToString() + "'"; SqlCommand command = new SqlCommand("Select

我正在处理大查询,因为我重复使用了4次相同的select语句,所以在这里,我想将一些较慢的查询结果设置为变量“var_sql”,以便在其他查询中再次使用它们

例如:

// Sub-select the author wants to reuse inside the larger statement.
// NOTE(review): the user id is spliced into the SQL text by string concatenation,
// so whatever the session value contains is parsed by the server as SQL.
// Prefer a parameter placeholder plus command.Parameters.
string var_sql = "select Session_Id from sessions where UserId='" 
                 + Session["userid"].ToString() + "'";

// Builds the batch-timing query as one concatenated string.
SqlCommand command 
= new SqlCommand("Select distinct right(start_time,7) as st_time,   right(end_time,7) as ed_time from Session_Info where CourseName = '" 
// NOTE(review): coursename.SelectedValue (presumably a list control's posted value)
// is concatenated into the statement as well; it should also be a parameter.
+ coursename.SelectedValue 
+ "' and Session_Id not in (select Session_Id from sessions where   UserId='" 
// In the literal below, var_sql appears INSIDE the quotes, so the server receives the
// bare identifier var_sql rather than the contents of the C# variable. The discussion
// on this page reports the resulting error as an invalid column name 'var_sql'.
+ Session["userid"].ToString() + "') and start_time not in (select start_time from   Session_Info where Convert(varchar,start_time, 108) between (select right(start_time,7) from   Session_Info where Session_Id in (var_sql )) and  (select right(dateadd(minute,-1,end_time),7) from Session_Info where Session_Id in (var_sql ))) and end_time not in (select end_time from Session_Info where Convert(varchar,end_time, 108) between (select right(dateadd(minute,+1,start_time),7) from Session_Info where Session_Id in   (var_sql )) and  (select right(end_time,7) from Session_Info where Session_Id in (var_sql ))) ", 
connection);
可以看到,我在四个位置使用了相同的var_sql。我试过这样写,但没有成功。有人能帮我吗?

您不应该使用字符串拼接来创建查询:拼接进去的值会被数据库当作SQL语句的一部分来解析,因此很容易受到SQL注入攻击。还可以看看,这样下次你就不会忘记了。有趣的事情总比什么都重要

有趣的是,您应该完全重新设计查询,并使用SqlParameter来形成一个命令。请参见如何使用参数

由于您并没有描述需求,所以不可能给出如何重新设计查询的建议,但您应该尝试将Session_Id表连接到自身

编辑:

这肯定不是正确的方法,看看我之前的评论为什么,但似乎你不想重新设计任何东西。正如我在评论中已经说过的,您需要在双引号之外使用var_sql,以便将var_sql的内容添加到查询中,而不是变量本身的名称

姑且一试:

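// Reusable sub-select, kept as a C# string so it can be spliced into the larger
// statement. The user id is a parameter placeholder (@UserId), not concatenated
// text, so the session value is never parsed as SQL.
string var_sql = "select Session_Id from sessions where UserId=@UserId";

// var_sql is concatenated OUTSIDE the string literals, so its contents (not the
// identifier "var_sql") end up in the command text. The course name is likewise
// a placeholder (@CourseName) instead of a quoted, concatenated value.
SqlCommand command
= new SqlCommand("Select distinct right(start_time,7) as st_time,   right(end_time,7) as ed_time from Session_Info where CourseName = @CourseName"
+ " and Session_Id not in (" + var_sql + ")"
+ " and start_time not in (select start_time from   Session_Info where Convert(varchar,start_time, 108) between (select right(start_time,7) from   Session_Info where Session_Id in (" + var_sql + " )) and  (select right(dateadd(minute,-1,end_time),7) from Session_Info where Session_Id in (" + var_sql + " )))"
+ " and end_time not in (select end_time from Session_Info where Convert(varchar,end_time, 108) between (select right(dateadd(minute,+1,start_time),7) from Session_Info where Session_Id in   (" + var_sql + " )) and  (select right(end_time,7) from Session_Info where Session_Id in (" + var_sql + " ))) ",
connection);

// The values travel separately from the SQL text. @UserId occurs several times in
// the statement but is supplied once.
// NOTE(review): AddWithValue infers the SQL type from the .NET value; if the column
// types are known, explicitly typed parameters avoid implicit conversions.
// NOTE(review): Session["userid"] is null when the key is absent, in which case
// ToString() throws - confirm the caller checks the session first.
command.Parameters.AddWithValue("@UserId", Session["userid"].ToString());
command.Parameters.AddWithValue("@CourseName", coursename.SelectedValue);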

非常感谢您的回复。尤其是卡帕斯臭氧层。 正如你所说,我重新设计了我的查询,并使用了这样的存储过程

创建存储过程 b_timing(其参数和主体见本页下方的SQL代码):

在 ASP.NET C# 中这样调用它

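// Result table is declared outside the using blocks so it stays available for
// data binding after the database objects have been released.
DataTable dt = new DataTable();

// The using blocks dispose the connection, command and adapter even when Fill
// throws; the original opened the connection and never closed it.
using (SqlConnection connection = new SqlConnection(strcon))
using (SqlCommand command = new SqlCommand("b_timing", connection))
using (SqlDataAdapter da = new SqlDataAdapter(command))
{
    command.CommandType = CommandType.StoredProcedure;

    // Values are passed as stored-procedure parameters, never concatenated into SQL text.
    // NOTE(review): Session["userid"] is null when the key is absent, in which case
    // ToString() throws - confirm the caller checks the session first.
    command.Parameters.AddWithValue("@UserId", Session["userid"].ToString());
    command.Parameters.AddWithValue("@CourseName", coursename.SelectedValue);

    connection.Open();
    // The adapter already received the command through its constructor, so the
    // separate SelectCommand assignment of the original is not needed.
    da.Fill(dt);
}

// Computed column "<st_time> To <ed_time>", used as both text and value of each list item.
dt.Columns.Add("timing", typeof(string), "st_time+' '+'To'+' '+ed_time");

if (dt.Rows.Count > 0)
{
    timing.DataSource = dt;
    timing.DataTextField = "timing";
    timing.DataValueField = "timing";
    timing.DataBind();
    // Placeholder entry at the top of the list.
    timing.Items.Insert(0, new ListItem("Choose Batch Timing", "0"));
    timing.Visible = true;
    timing.Focus();
}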

它现在工作正常了

在某种程度上,它工作不正常吗?请说明问题所在。“它不能正常工作”并不能告诉我们您的期望/您希望代码如何工作。提供您怀疑有问题的部分代码。在第二个查询中,而不是@select_ID。我想在那里使用分配的变量var_sql。我得到了一个错误,例如无效的列名“var_sql”。这是一个很好的建议,但这不是所问的问题。查询设计糟糕,这就是问题的根源。我建议重新设计查询本身并使用SqlParameters。与我评论的第一个发布的答案相比,您编辑的答案是一个不错的选择。无论如何,评论旨在改进SO中的答案:是,我需要加入会话id表。但我尝试过的是显示错误,比如无效的列名“var_sql”。这意味着您将var_sql放在引号中,sql server尝试解析它。您应该将其置于引号之外,以便获得正确的SQL命令。除了我在回答中所说的以外,我建议您在调试模式下检查command.command中包含的值。
-- Parameter list and body of a stored procedure (presumably b_timing, which the C#
-- caller on this page invokes with @UserId and @CourseName). The CREATE PROCEDURE
-- line itself is not part of this listing.
@UserId nvarchar(70),
@CourseName varchar(max)
)
as
begin
-- Scalar variable that receives a Session_Id for the given user.
-- NOTE(review): varchar(50) - confirm it matches the type of sessions.Session_Id.
declare @select_ID varchar(50)    
-- NOTE(review): a scalar variable keeps a single value. If a user can have several
-- rows in sessions, only one Session_Id survives this assignment, so the
-- "in (@select_ID)" tests below compare against one id rather than the full set the
-- original sub-select returned - confirm, or use the sub-select / a join instead.
select @select_ID =  Session_Id from sessions where UserId=@UserId
-- @UserId and @CourseName are used as parameters here, so their values are bound as
-- data and never parsed as SQL text, unlike the concatenated version of this query.
Select distinct right(start_time,7) as st_time, right(end_time,7) as ed_time from      Session_Info where CourseName = @CourseName and Session_Id not in (@select_ID) and start_time not in (select start_time from Session_Info where Convert(varchar,start_time, 108) between (select right(start_time,7) from Session_Info where Session_Id in (@select_ID)) and  (select right(dateadd(minute,-1,end_time),7) from Session_Info where Session_Id in (@select_ID))) and end_time not in (select end_time from Session_Info where Convert(varchar,end_time, 108) between (select right(dateadd(minute,+1,start_time),7) from Session_Info where Session_Id in (@select_ID)) and  (select right(end_time,7) from Session_Info where Session_Id in (@select_ID)))
end
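// Result table is declared outside the using blocks so it stays available for
// data binding after the database objects have been released.
DataTable dt = new DataTable();

// The using blocks dispose the connection, command and adapter even when Fill
// throws; the original opened the connection and never closed it.
using (SqlConnection connection = new SqlConnection(strcon))
using (SqlCommand command = new SqlCommand("b_timing", connection))
using (SqlDataAdapter da = new SqlDataAdapter(command))
{
    command.CommandType = CommandType.StoredProcedure;

    // Values are passed as stored-procedure parameters, never concatenated into SQL text.
    // NOTE(review): Session["userid"] is null when the key is absent, in which case
    // ToString() throws - confirm the caller checks the session first.
    command.Parameters.AddWithValue("@UserId", Session["userid"].ToString());
    command.Parameters.AddWithValue("@CourseName", coursename.SelectedValue);

    connection.Open();
    // The adapter already received the command through its constructor, so the
    // separate SelectCommand assignment of the original is not needed.
    da.Fill(dt);
}

// Computed column "<st_time> To <ed_time>", used as both text and value of each list item.
dt.Columns.Add("timing", typeof(string), "st_time+' '+'To'+' '+ed_time");

if (dt.Rows.Count > 0)
{
    timing.DataSource = dt;
    timing.DataTextField = "timing";
    timing.DataValueField = "timing";
    timing.DataBind();
    // Placeholder entry at the top of the list.
    timing.Items.Insert(0, new ListItem("Choose Batch Timing", "0"));
    timing.Visible = true;
    timing.Focus();
}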