C# 如何在asp.net中使用类、方法和参数传递sql语句
如何使用asp.net c#中的类、方法和参数为该语句传递SQL语句。 首先,我想创建一个方法并向调用值添加参数C# 如何在asp.net中使用类、方法和参数传递sql语句,c#,sql,asp.net,C#,Sql,Asp.net,如何使用asp.net c#中的类、方法和参数为该语句传递SQL语句。 首先,我想创建一个方法并向调用值添加参数 protected void Btnsubmit_Click(object sender, EventArgs e) { String Orders = "INSERT INTO Orders VALUES('" + DDLCustomerID.SelectedValue + "','" + Convert.ToInt32(TxtNetPrice.Text)
protected void Btnsubmit_Click(object sender, EventArgs e)
{
String Orders = "INSERT INTO Orders VALUES('" + DDLCustomerID.SelectedValue + "','" + Convert.ToInt32(TxtNetPrice.Text) + "');" + " SELECT SCOPE_IDENTITY();";
using (SqlCommand command = new SqlCommand(Orders, Connection))
{
command.CommandType = CommandType.Text;
Connection.Open();
int intID = Convert.ToInt32(command.ExecuteScalar());
String Orderdetails1 = "INSERT INTO OrderDetails VALUES(" + intID + ",'" + DDLProduct1.SelectedItem + "','" + Convert.ToInt32(TxtPrice1.Text) + "','" + Convert.ToInt32(TxtQuantity1.Text) + "','" + Convert.ToInt32(TxtTotalPrice1.Text) + "')";
SqlCommand Command1 = new SqlCommand(Orderdetails1, Connection);
Command1.CommandType = CommandType.Text;
Command1.ExecuteNonQuery();
String Orderdetails2 = "INSERT INTO OrderDetails VALUES(" + intID + ",'" + DDLProduct2.SelectedItem + " ','" + Convert.ToInt32(TxtPrice2.Text) + "','" + Convert.ToInt32(TxtQuantity2.Text) + "','" + Convert.ToInt32(TxtTotalPrice2.Text) + "')";
SqlCommand Command2 = new SqlCommand(Orderdetails2, Connection);
Command2.CommandType = CommandType.Text;
Command2.ExecuteNonQuery();
String Orderdetails3 = "INSERT INTO OrderDetails VALUES(" + intID + ",'" + DDLProduct3.SelectedItem + " ','" + Convert.ToInt32(TxtPrice3.Text) + "','" + Convert.ToInt32(TxtQuantity3.Text) + "','" + Convert.ToInt32(TxtTotalPrice3.Text) + "')";
SqlCommand Command3 = new SqlCommand(Orderdetails3, Connection);
Command3.CommandType = CommandType.Text;
Command3.ExecuteNonQuery();
Response.Write("<script>alert('Successfully Inserted');</script>");
Connection.Close();
}
}
protectedvoid Btnsubmit\u单击(对象发送方,事件参数e)
{
String Orders=“INSERT INTO Orders value”(“+DDLCustomerID.SelectedValue+”,“+Convert.ToInt32(TxtNetPrice.Text)+”);“+”选择范围_标识();
使用(SqlCommand=newsqlcommand(命令、连接))
{
command.CommandType=CommandType.Text;
Connection.Open();
int intID=Convert.ToInt32(command.ExecuteScalar());
String Orderdetails1=“插入到OrderDetails值(“+intID+”、“+DDLProduct1.SelectedItem+”、“+Convert.ToInt32(TxtPrice1.Text)+”、“+Convert.ToInt32(TxtTotalPrice1.Text)+”、“+Convert.ToInt32(TxtTotalPrice1.Text)+”);
SqlCommand Command1=新的SqlCommand(Orderdetails1,连接);
Command1.CommandType=CommandType.Text;
Command1.ExecuteNonQuery();
String Orderdetails2=“插入到OrderDetails值(“+intID+”、“+DDLProduct2.SelectedItem+”、“+Convert.ToInt32(TxtPrice2.Text)+”、“+Convert.ToInt32(TxtTotalPrice2.Text)+”、“+Convert.ToInt32(TxtTotalPrice2.Text)+”);
SqlCommand Command2=新的SqlCommand(Orderdetails2,连接);
Command2.CommandType=CommandType.Text;
Command2.ExecuteNonQuery();
String Orderdetails3=“插入到OrderDetails值(“+intID+”、“+DDLProduct3.SelectedItem+”、“+Convert.ToInt32(TxtPrice3.Text)+”、“+Convert.ToInt32(TxtTotalPrice3.Text)+”、“+Convert.ToInt32(TxtTotalPrice3.Text)+”);
SqlCommand Command3=新的SqlCommand(Orderdetails3,连接);
Command3.CommandType=CommandType.Text;
Command3.ExecuteNonQuery();
写入(“警报(‘已成功插入’);”;
Connection.Close();
}
}
DDLProduct1.SelectedItemSqlCommandSqlCommand.ParametersSqlCommand但是请注意,在处理转换时需要一些错误-如果
TxtNetPricestring Orders = "INSERT INTO Orders VALUES(@customerID, @price); SELECT SCOPE_IDENTITY();";
SqlCommand command = new SqlCommand(Orders, Connection);
command.Parameters.Add("@customerID", SqlDbType.Int);
command.Parameters["@customerID"].Value = DDLCustomerID.SelectedValue;
command.Parameters.Add("@price", SqlDbType.Int);
command.Parameters["@price"].Value = Convert.ToInt32(TxtNetPrice.Text);