我需要将此command.CommandText结果添加到command2.CommandText而不是“结果”
string connString = "connect data;";
MySqlConnection conn = new MySqlConnection(connString);
MySqlCommand command = conn.CreateCommand();
MySqlCommand command1 = conn.CreateCommand();
MySqlCommand command2 = conn.CreateCommand();
command.CommandText = "SELECT `order_id` FROM `test` WHERE `order_item_type`='line_item' AND `order_offer_send`='0';";
command2.CommandText = "SELECT `meta_value` FROM `test1` WHERE `order_item_id`='" + result + "'";
答案 0 :(得分:1)
我会使用参数来避免SQL注入攻击并使用指令来避免打开连接并更好地使用gc:
string connString = "connect data;";
string Command = "SELECT `order_id` FROM `test` WHERE `order_item_type`='line_item' AND `order_offer_send`= @order_offer_send limit 1;";
string Command2 = "SELECT `meta_value` FROM `test1` WHERE `order_item_id`= @result limit 1";
int OfferID = -1;
string meta_value = null;
using (MySqlConnection mConnection = new MySqlConnection(connString))
{
mConnection.Open();
using (MySqlCommand myCmd = new MySqlCommand(Command, mConnection))
{
myCmd.Parameters.Add(new MySqlParameter("@order_offer_send", "0"));
OfferID = (int)myCmd.ExecuteScalar();
}
using (MySqlCommand myCmd = new MySqlCommand(Command2, mConnection))
{
myCmd.Parameters.Add(new MySqlParameter("@result", OfferID));
meta_value = (string)myCmd.ExecuteScalar();
}
}