将查询转换为参数化的asp.net查询

时间:2012-04-13 15:42:48

标签: asp.net

我该如何把这个查询参数化?!

// NOTE(review): the text of the two textboxes is concatenated straight into the SQL
// string, so a quote character typed by the user changes the statement itself
// (classic SQL injection). The answers below show the parameterized form. The query
// also compares the Password column directly, which suggests passwords are stored in
// plaintext — confirm, and hash them if so.
string query = "";

            query += " SELECT DistID FROM Distributor";
            query += " WHERE Username = '" + username_id.Text + "'";   // untrusted input spliced into SQL
            query += " AND Password = '" + password.Text + "'";        // same for the password

            GeneralFunctions.GetData( query );

可以在这里完成,还是必须在GetData方法中完成?

以下是两种方法:

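/// <summary>
/// Executes <paramref name="query"/> against the configured database and returns its first result set.
/// </summary>
/// <param name="query">
/// Complete SQL text, executed verbatim. Because nothing here escapes or binds values, the text
/// must never be built by concatenating user input; bind such values through SqlParameters on a
/// SqlCommand instead.
/// </param>
/// <returns>A filled <see cref="DataTable"/>; empty when the query returns no rows.</returns>
/// <exception cref="ArgumentException"><paramref name="query"/> is null, empty or whitespace.</exception>
/// <remarks>
/// Provider and connection errors propagate to the caller. The previous version swallowed every
/// exception and returned null, which hid misconfigured connection strings and SQL errors, and it
/// set the locals to null in a finally block, which has no effect on the caller.
/// </remarks>
public static DataTable GetData ( string query )
{
    if ( string.IsNullOrWhiteSpace( query ) )
    {
        throw new ArgumentException( "A SQL statement is required.", "query" );
    }

    // The adapter owns a SqlCommand and is disposed even when Fill throws; the old code never
    // disposed it.
    using ( SqlDataAdapter dataAdapter = new SqlDataAdapter( query, GetConnectionString() ) )
    {
        DataTable table = new DataTable();
        dataAdapter.Fill( table );
        return table;
    }
}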

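/// <summary>
/// Reads the "CAPortalConnectionString" entry from the application's connectionStrings section.
/// </summary>
/// <returns>The configured connection string.</returns>
/// <exception cref="ConfigurationErrorsException">The entry is missing from the configuration.</exception>
public static string GetConnectionString ()
{
    ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[ "CAPortalConnectionString" ];

    // The indexer returns null rather than throwing when the name is absent; the old code then
    // failed with a NullReferenceException that pointed nowhere near the real cause.
    if ( settings == null )
    {
        throw new ConfigurationErrorsException( "Connection string 'CAPortalConnectionString' is not defined in the application configuration." );
    }

    return settings.ConnectionString;
}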

2 个答案:

答案 0 :(得分:3)

我建议您设计查询数据库的特定方法,如下所示:

/// <summary>
/// Looks up the DistID for a username/password pair with a parameterized query.
/// </summary>
/// <param name="username">Bound to @username; quotes in it are data, not SQL.</param>
/// <param name="password">Bound to @password.</param>
/// <returns>The DistID of the first matching row, or null when nothing matches.</returns>
public static int? GetDistID(string username, string password)
{
    const string sql =
        @"SELECT 
              DistID 
          FROM 
              Distributor
          WHERE 
              Username = @username 
          AND 
              Password = @password";

    using (var connection = new SqlConnection(GetConnectionString()))
    using (var command = new SqlCommand(sql, connection))
    {
        // NOTE(review): the Password column is compared as-is; if it stores plaintext,
        // hashing (e.g. PBKDF2) and comparing the hash is the usual mitigation — confirm.
        command.Parameters.AddWithValue("@username", username);
        command.Parameters.AddWithValue("@password", password);

        connection.Open();
        using (var reader = command.ExecuteReader())
        {
            if (reader.Read())
            {
                int ordinal = reader.GetOrdinal("DistID");
                return reader.GetInt32(ordinal);
            }

            // no results found
            return null;
        }
    }
}

然后:

// Typed result: null means no Distributor row matched the credentials.
int? distId = GeneralFunctions.GetDistID(username_id.Text, password.Text);

不需要DataTables / Sets / Adapters。使用强类型对象。

答案 1 :(得分:1)

使用SqlCommand对象,您可以创建一个参数化查询,如下所示:

/// <summary>
/// Returns the DistID for the given credentials through a parameterized SqlCommand.
/// </summary>
/// <param name="username">Bound to @Username.</param>
/// <param name="password">Bound to @Password.</param>
/// <returns>
/// ExecuteScalar's result: the first column of the first row, null when the query returns
/// no rows, or DBNull.Value when that column is SQL NULL.
/// </returns>
public object GetDistID(string username, string password)
{
    const string sql = "SELECT DistID FROM Distributor WHERE Username=@Username AND Password=@Password";

    using (var connection = new SqlConnection("..."))
    using (var command = new SqlCommand(sql, connection))
    {
        // Values travel as parameters and never become part of the SQL text.
        command.Parameters.AddWithValue("@Username", username);
        command.Parameters.AddWithValue("@Password", password);
        connection.Open();

        return command.ExecuteScalar();
    }
}

如果对您有帮助,下面是一个可以直接使用的类。它是针对存储过程量身定制的,但要添加一个接受普通查询的方法应该很容易:

using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Web;
using System.Xml;
using System.Collections;
using System.Collections.Specialized;
using System.Collections.Generic;
using System.Text;

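namespace NESCTC.Data
{
    /// <summary>
    /// Small wrapper around one <see cref="SqlCommand"/> that runs a stored procedure.
    /// Set <see cref="ProcedureName"/>, add parameters with <see cref="AddParm"/>, then call one
    /// of the Exec* methods; each call opens its own connection and disposes it before returning.
    /// Parameters are never cleared, so a reused instance carries earlier parameters into later
    /// calls — treat one instance as one procedure call.
    /// </summary>
    public class DataAccess : IDisposable
    {
        #region declarations

        private readonly SqlCommand _cmd;
        private string _SqlConnString;
        private bool _disposed;   // makes Dispose idempotent

        #endregion

        #region constructors

        /// <summary>Creates a wrapper that connects with <paramref name="ConnectionString"/>.</summary>
        /// <param name="ConnectionString">Provider connection string.</param>
        /// <exception cref="ArgumentNullException"><paramref name="ConnectionString"/> is null.</exception>
        public DataAccess(string ConnectionString)
        {
            if (ConnectionString == null)
            {
                throw new ArgumentNullException("ConnectionString");
            }

            _cmd = new SqlCommand();
            _cmd.CommandTimeout = 240;   // seconds; callers can override via CommandTimeout
            _SqlConnString = ConnectionString;
        }

        #endregion

        #region IDisposable implementation

        ~DataAccess()
        {
            Dispose(false);
        }

        public void Dispose()
        {
            Dispose(true);
            // Nothing is left for the finalizer once Dispose(true) has run.
            GC.SuppressFinalize(this);
        }

        /// <summary>
        /// Releases the command and the connection it last used. Safe to call more than once and
        /// safe on an instance that never executed anything.
        /// </summary>
        protected virtual void Dispose(bool disposing)
        {
            if (_disposed)
            {
                return;
            }

            if (disposing)
            {
                // Connection is only assigned by PrepareCommandForExecution, so it is null until an
                // Exec* method has run; the old code dereferenced it unconditionally and threw
                // NullReferenceException when an unused instance was disposed.
                if (_cmd.Connection != null)
                {
                    _cmd.Connection.Dispose();
                }
                _cmd.Dispose();
            }

            _disposed = true;
        }

        #endregion

        #region data retrieval methods

        /// <summary>Runs the configured procedure and returns its first result set.</summary>
        /// <returns>A filled <see cref="DataTable"/>; empty when no rows come back.</returns>
        public DataTable ExecReturnDataTable()
        {
            // The using block closes and disposes the connection on every exit path, so the former
            // catch { Close(); throw; } followed by finally { Close(); } was redundant.
            using (SqlConnection conn = new SqlConnection(this.ConnectionString))
            {
                PrepareCommandForExecution(conn);
                using (SqlDataAdapter adap = new SqlDataAdapter(_cmd))
                {
                    DataTable dt = new DataTable();
                    adap.Fill(dt);
                    return dt;
                }
            }
        }

        /// <summary>Runs the configured procedure and returns the first column of the first row.</summary>
        /// <returns>The scalar value, null when no rows were returned, or DBNull.Value for a SQL NULL.</returns>
        public object ExecScalar()
        {
            using (SqlConnection conn = new SqlConnection(this.ConnectionString))
            {
                PrepareCommandForExecution(conn);
                // Provider exceptions propagate untouched; the previous `throw ex;` reset the stack
                // trace and hid where the failure actually occurred.
                return _cmd.ExecuteScalar();
            }
        }

        #endregion

        #region data insert and update methods

        /// <summary>Runs the configured procedure for its side effects only.</summary>
        public void ExecNonQuery()
        {
            using (SqlConnection conn = new SqlConnection(this.ConnectionString))
            {
                PrepareCommandForExecution(conn);
                _cmd.ExecuteNonQuery();
            }
        }

        #endregion

        #region helper methods

        /// <summary>
        /// Adds one typed parameter to the command. Values are sent as parameters, never spliced
        /// into SQL text. A null <paramref name="Value"/> is assigned as-is; pass DBNull.Value to
        /// send a SQL NULL.
        /// </summary>
        public void AddParm(string ParameterName, SqlDbType ParameterType, object Value)
        {
            _cmd.Parameters.Add(ParameterName, ParameterType).Value = Value;
        }

        /// <summary>Binds the command to <paramref name="conn"/> as a stored-procedure call and opens the connection.</summary>
        private SqlCommand PrepareCommandForExecution(SqlConnection conn)
        {
            _cmd.Connection = conn;
            _cmd.CommandType = CommandType.StoredProcedure;   // ProcedureName is always a procedure name
            // (The old `_cmd.CommandTimeout = this.CommandTimeout;` read and wrote the same
            // underlying property, so it was dropped.)
            _cmd.Connection.Open();

            return _cmd;
        }

        #endregion

        #region properties

        /// <summary>Command timeout in seconds; defaults to 240.</summary>
        public int CommandTimeout
        {
            get { return _cmd.CommandTimeout; }
            set { _cmd.CommandTimeout = value; }
        }

        /// <summary>Name of the stored procedure the Exec* methods run.</summary>
        public string ProcedureName
        {
            get { return _cmd.CommandText; }
            set { _cmd.CommandText = value; }
        }

        /// <summary>Connection string used to open a connection for each Exec* call.</summary>
        public string ConnectionString
        {
            get { return _SqlConnString; }
            set { _SqlConnString = value; }
        }

        #endregion
    }
}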

你可以使用这样的类:

/// <summary>
/// Looks up DistID through the GetDistID stored procedure using the DataAccess wrapper.
/// </summary>
/// <param name="username">Sent as the @Username parameter.</param>
/// <param name="password">Sent as the @Password parameter.</param>
/// <returns>Whatever ExecScalar returns: the DistID, null for no rows, or DBNull.Value.</returns>
public object GetDistID(string username, string password)
{
    using (var access = new DataAccess("ConnectionString") { ProcedureName = "GetDistID" })
    {
        // Typed parameters: the values never become part of the SQL text.
        access.AddParm("@Username", SqlDbType.VarChar, username);
        access.AddParm("@Password", SqlDbType.VarChar, password);

        return access.ExecScalar();
    }
}