我有以下代码,其中表名是学生,列名是sem_of_study的<{1}}
INT我想知道我是否可以将SQL命令转换为整数,以便我可以在Dim userquery As String = "select sem_of_study from student where username='" + Session("user") + "'"
Dim usercom As New SqlCommand(userquery, conn)
Dim a = usercom.ExecuteReader
语句中使用它!
这样变量a
IF答案 0 :(得分:1)
除了你应该使用parameterized queries(搜索SO - 很多例子)之外,你需要在DataReader行中做这样的阅读:
Dim a as Integer
Dim myReader As SqlDataReader = usercom.ExecuteReader()
If myReader.HasRows Then
myReader.Read()
a = myReader.GetInt32(0)
End If
参数:
Dim userquery As String = "select sem_of_study from student where username=@username"
Dim usercom as SqlCommand = new SqlCommand()
usercom.Connection = conn
usercom.CommandType = CommandType.Text
usercom.CommendText = userquery
usercom.Parameters.AddWithValue("username", Session("user"))