asp.net C#命名参数SqlParameter详解
2010-01-18 16:42
DBHelper:
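/// <summary>
/// Runs a query and returns a reader over its rows.
/// </summary>
/// <remarks>
/// The reader is opened with <see cref="CommandBehavior.CloseConnection"/>, so the
/// connection is released only when the caller closes or disposes the reader.
/// This overload binds no parameters: pass fixed statement text only, and use one
/// of the SqlParameter overloads for any value that originates from user input.
/// </remarks>
/// <param name="sql">A valid SELECT statement.</param>
/// <returns>An open SqlDataReader that owns the underlying connection.</returns>
public static SqlDataReader ExecuteReader(string sql)
{
    SqlConnection con = new SqlConnection(constring);
    try
    {
        con.Open();
        SqlCommand cmd = new SqlCommand(sql, con);
        return cmd.ExecuteReader(CommandBehavior.CloseConnection);
    }
    catch
    {
        // No reader was handed out, so nothing else will ever close this connection.
        con.Dispose();
        throw;
    }
}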
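/// <summary>
/// Runs a query with a single named parameter and returns a reader over its rows.
/// </summary>
/// <remarks>
/// The value travels to the server as a bound parameter instead of being spliced
/// into the statement text, so it is treated as data and not as SQL.
/// The reader is opened with <see cref="CommandBehavior.CloseConnection"/>, so the
/// connection is released only when the caller closes or disposes the reader.
/// </remarks>
/// <param name="sql">A valid SELECT statement that references the parameter by name.</param>
/// <param name="parameter">
/// The parameter to bind. It stays attached to the command that is created here,
/// so build a new SqlParameter for each call.
/// </param>
/// <returns>An open SqlDataReader that owns the underlying connection.</returns>
public static SqlDataReader ExecuteReader(string sql, SqlParameter parameter)
{
    SqlConnection con = new SqlConnection(constring);
    try
    {
        con.Open();
        SqlCommand cmd = new SqlCommand(sql, con);
        cmd.Parameters.Add(parameter);
        return cmd.ExecuteReader(CommandBehavior.CloseConnection);
    }
    catch
    {
        // No reader was handed out, so nothing else will ever close this connection.
        con.Dispose();
        throw;
    }
}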
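/// <summary>
/// Runs a query with an array of named parameters and returns a reader over its rows.
/// </summary>
/// <remarks>
/// The values travel to the server as bound parameters instead of being spliced
/// into the statement text, so they are treated as data and not as SQL.
/// The reader is opened with <see cref="CommandBehavior.CloseConnection"/>, so the
/// connection is released only when the caller closes or disposes the reader.
/// </remarks>
/// <param name="sql">A valid SELECT statement that references the parameters by name.</param>
/// <param name="parameters">
/// The parameters to bind. They stay attached to the command that is created here,
/// so build new SqlParameter objects for each call.
/// </param>
/// <returns>An open SqlDataReader that owns the underlying connection.</returns>
public static SqlDataReader ExecuteReader(string sql, SqlParameter[] parameters)
{
    SqlConnection con = new SqlConnection(constring);
    try
    {
        con.Open();
        SqlCommand cmd = new SqlCommand(sql, con);
        // AddRange attaches the whole array in one call.
        cmd.Parameters.AddRange(parameters);
        return cmd.ExecuteReader(CommandBehavior.CloseConnection);
    }
    catch
    {
        // No reader was handed out, so nothing else will ever close this connection.
        con.Dispose();
        throw;
    }
}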
/// <summary>
/// Runs an INSERT, UPDATE or DELETE statement.
/// </summary>
/// <remarks>
/// No parameters are bound by this overload: pass fixed statement text only, and use
/// one of the SqlParameter overloads for any value that originates from user input.
/// </remarks>
/// <param name="sql">The statement text to execute.</param>
/// <returns>The number of rows affected.</returns>
public static int ExecuteNonQuery(string sql)
{
    SqlConnection connection = new SqlConnection(constring);
    try
    {
        connection.Open();
        return new SqlCommand(sql, connection).ExecuteNonQuery();
    }
    finally
    {
        // Same effect as the using block: the connection is released on every path.
        connection.Dispose();
    }
}
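/// <summary>
/// Runs an INSERT, UPDATE or DELETE statement with an array of named parameters.
/// </summary>
/// <remarks>
/// The values travel to the server as bound parameters instead of being spliced
/// into the statement text, so they are treated as data and not as SQL.
/// </remarks>
/// <param name="sql">The statement text, referencing the parameters by name.</param>
/// <param name="parameters">The parameters to bind; they are detached again before returning.</param>
/// <returns>The number of rows affected.</returns>
public static int ExecuteNonQuery(string sql, SqlParameter[] parameters)
{
    using (SqlConnection con = new SqlConnection(constring))
    using (SqlCommand cmd = new SqlCommand(sql, con))
    {
        con.Open();
        try
        {
            // AddRange is the one-call equivalent of adding each parameter in a loop.
            cmd.Parameters.AddRange(parameters);
            return cmd.ExecuteNonQuery();
        }
        finally
        {
            // A SqlParameter can belong to only one command at a time; detaching here
            // lets the caller pass the same objects to a later call.
            cmd.Parameters.Clear();
        }
    }
}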
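/// <summary>
/// Runs an INSERT, UPDATE or DELETE statement with a single named parameter.
/// </summary>
/// <remarks>
/// The value travels to the server as a bound parameter instead of being spliced
/// into the statement text, so it is treated as data and not as SQL.
/// </remarks>
/// <param name="sql">The statement text, referencing the parameter by name.</param>
/// <param name="parameter">The parameter to bind; it is detached again before returning.</param>
/// <returns>The number of rows affected.</returns>
public static int ExecuteNonQuery(string sql, SqlParameter parameter)
{
    using (SqlConnection con = new SqlConnection(constring))
    using (SqlCommand cmd = new SqlCommand(sql, con))
    {
        con.Open();
        try
        {
            cmd.Parameters.Add(parameter);
            return cmd.ExecuteNonQuery();
        }
        finally
        {
            // A SqlParameter can belong to only one command at a time; detaching here
            // lets the caller pass the same object to a later call.
            cmd.Parameters.Clear();
        }
    }
}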
DAL:
/// <summary>
/// Inserts one row into the company table and returns the result of
/// DBHelper.ExecuteNonQuery (the number of rows affected).
/// </summary>
/// <remarks>
/// Every value is bound through a SqlParameter, so no field of the model is
/// concatenated into the statement text. Parts of this listing are elided by the
/// article (the lines of full-width dots).
/// </remarks>
/// <param name="model">The company whose fields are written.</param>
public static int Insert(company model)
{
// Build the statement: a column list followed by one @placeholder per column.
StringBuilder strSql = new StringBuilder();
strSql.Append("insert into company");
strSql.Append("(FullName,ShortName,Keywords,Description,Type,Property,Style,Capital,Size,Details,Province,City,Address,Postalcode,Tel,Fax,Mailbox,Url,Link,createtime,Poss,Linkman,Product,Userid)");
strSql.Append(" values (");
strSql.Append("@FullName,@ShortName,@Keywords,@Description,@Type,@Property,@Style,@Capital,@Size,@Details,@Province,@City,@Address,@Postalcode,@Tel,@Fax,@Mailbox,@Url,@Link,@Createtime,@Poss,@Linkman,@Product,@Userid)");
// Parameters are declared with a name and type only; the values are assigned by index below.
// NOTE(review): SqlDbType.VarChar is a non-Unicode type and no size is given - confirm both against the column definitions.
SqlParameter[] parameters = {
new SqlParameter("@FullName",SqlDbType.VarChar),
new SqlParameter("@ShortName",SqlDbType.VarChar),
new SqlParameter("@Keywords",SqlDbType.VarChar),
。。。。。。。。。。。。。。。。。。
};
// Alternative form: supply the DBNull fallback when the parameter is constructed, e.g.
//new SqlParameter( PARAM_PASSWORD, password== null ? (object)DBNull.Value : (object)password ),
parameters[0].Value = model.FullName;
parameters[1].Value = ""; // an empty string is stored here; model.ShortName is not used
parameters[2].Value = "";// an empty string is stored here; model.Keywords is not used
parameters[3].Value = model.Description;
parameters[4].Value = model.Type;
parameters[5].Value = model.Property;
parameters[6].Value = model.Style;
parameters[7].Value = model.Capital;
parameters[8].Value = model.Size;
// If model.Details is null, execution fails with "parameter @Details was expected but not supplied",
// so the value must not be assigned directly as parameters[9].Value = model.Details;
// a null reference has to be replaced with DBNull.Value.
// NOTE(review): the assignments above have no such fallback and would presumably fail
// the same way on a null value - confirm which model fields can be null.
parameters[9].Value = model.Details == null ? (object)System.DBNull.Value : model.Details;
//parameters[9].Value = model.Details;
。。。。。。。。。。。。。。。。。。。
return DBHelper.ExecuteNonQuery(strSql.ToString(), parameters);
}
/// <summary>
/// Queries the five most recently created company rows whose poss is '通过' and
/// whose type contains the given text. The code that reads the rows and builds the
/// returned list is elided by the article.
/// </summary>
/// <param name="type">Text to look for inside the type column.</param>
public static List<company> SelectTop5(string type)
{
// LIKE with a SqlParameter: putting the wildcards in the statement around the placeholder
// does not work. The author attributes this to the parameter being quoted, so that the
// clause is read as like '%'type'%'. The wildcards therefore go into the parameter value
// and the statement only says "like @type", as below.
// The value is still bound as data, so it cannot alter the statement. It is not escaped
// for LIKE, however: any %, _ or [ inside `type` acts as a wildcard. Escape those
// characters first if callers must only match the literal text.
string sql = "select top 5 * from company where poss='通过' and type like @type order by createtime desc";
string seach = "%"+type+"%";
// ObjToStr is defined elsewhere - presumably it converts the value to a string; confirm.
// DBHelper.ExecuteReader opens the reader with CommandBehavior.CloseConnection, so the
// elided code must close or dispose `reader` to release the connection.
SqlDataReader reader = DBHelper.ExecuteReader(sql, new SqlParameter("@type",ObjToStr(seach)));
。。。。。。。。。。。。。。。。。。。
}
/// <summary>
/// Updates the company row identified by @Id and returns the result of
/// DBHelper.ExecuteNonQuery (the number of rows affected).
/// </summary>
/// <remarks>
/// All values are bound through SqlParameter objects; part of the parameter list is
/// elided by the article.
/// </remarks>
/// <param name="model">The company whose fields are written.</param>
public static int UpdateComInfo(company model)
{
// NOTE(review): the statement text looks damaged as published - it begins with "set =@Type"
// and contains a stray "]" before "FullName=@FullName". The assignment list that starts at
// FullName is presumably the intended SET clause; verify against the real source before reuse.
string sql11 = "update company set =@Type,[Property]=@Property,Style=@Style,Capital=@Capital,[Size]=@Size,Details=@Details,Province=@Province,City=@City,Address=@Address,Postalcode=@Postalcode,Tel=@Tel,Fax=@Fax,Mailbox=@Mailbox,Url=@Url,Link=@Link,createtime=@Createtime,Poss=@Poss,Linkman=@Linkman,Product=@Product,Userid=@Userid]FullName=@FullName,ShortName=@ShortName,Keywords=@Keywords,Description=@Description,[Type]=@Type,[Property]=@Property,Style=@Style,Capital=@Capital,[Size]=@Size,Details=@Details,Province=@Province,City=@City,Address=@Address,Postalcode=@Postalcode,Tel=@Tel,Fax=@Fax,Mailbox=@Mailbox,Url=@Url,Link=@Link,createtime=@Createtime,Poss=@Poss,Linkman=@Linkman,Product=@Product,Userid=@Userid where Id=@Id";
// Here each parameter gets its value in the constructor.
// ObjToStr is defined elsewhere - presumably it converts the value to a string; confirm.
// The statement also needs @Id; it is presumably among the elided entries.
SqlParameter[] parameters = {
new SqlParameter("@FullName",ObjToStr(model.FullName)),
new SqlParameter("@ShortName",ObjToStr(model.ShortName)),
new SqlParameter("@Keywords",ObjToStr(model.Keywords)),
。。。。。。。。。。。。。。。。。。。
};
return DBHelper.ExecuteNonQuery(sql11,parameters);
}
/// <summary>
/// Queries the company row whose Id equals the given value. The code that reads the
/// row and builds the returned object is elided by the article.
/// </summary>
/// <param name="id">The Id to look up, bound as the @id parameter.</param>
public static company SelectById(string id)
{
// The id is bound as a parameter rather than concatenated, so it is treated as data.
string sql = "select * from company where Id=@id";
// ObjToStr is defined elsewhere - presumably it converts the value to a string; confirm.
// DBHelper.ExecuteReader opens the reader with CommandBehavior.CloseConnection, so the
// elided code must close or dispose `reader` to release the connection.
SqlDataReader reader = DBHelper.ExecuteReader(sql, new SqlParameter("@id", ObjToStr(id)));
。。。。。。。。。。。。。。。。
}
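/// <summary>
/// Runs a query and returns a reader over its rows.
/// </summary>
/// <remarks>
/// The reader is opened with <see cref="CommandBehavior.CloseConnection"/>, so the
/// connection is released only when the caller closes or disposes the reader.
/// This overload binds no parameters: pass fixed statement text only, and use one
/// of the SqlParameter overloads for any value that originates from user input.
/// </remarks>
/// <param name="sql">A valid SELECT statement.</param>
/// <returns>An open SqlDataReader that owns the underlying connection.</returns>
public static SqlDataReader ExecuteReader(string sql)
{
    SqlConnection con = new SqlConnection(constring);
    try
    {
        con.Open();
        SqlCommand cmd = new SqlCommand(sql, con);
        return cmd.ExecuteReader(CommandBehavior.CloseConnection);
    }
    catch
    {
        // No reader was handed out, so nothing else will ever close this connection.
        con.Dispose();
        throw;
    }
}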
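/// <summary>
/// Runs a query with a single named parameter and returns a reader over its rows.
/// </summary>
/// <remarks>
/// The value travels to the server as a bound parameter instead of being spliced
/// into the statement text, so it is treated as data and not as SQL.
/// The reader is opened with <see cref="CommandBehavior.CloseConnection"/>, so the
/// connection is released only when the caller closes or disposes the reader.
/// </remarks>
/// <param name="sql">A valid SELECT statement that references the parameter by name.</param>
/// <param name="parameter">
/// The parameter to bind. It stays attached to the command that is created here,
/// so build a new SqlParameter for each call.
/// </param>
/// <returns>An open SqlDataReader that owns the underlying connection.</returns>
public static SqlDataReader ExecuteReader(string sql, SqlParameter parameter)
{
    SqlConnection con = new SqlConnection(constring);
    try
    {
        con.Open();
        SqlCommand cmd = new SqlCommand(sql, con);
        cmd.Parameters.Add(parameter);
        return cmd.ExecuteReader(CommandBehavior.CloseConnection);
    }
    catch
    {
        // No reader was handed out, so nothing else will ever close this connection.
        con.Dispose();
        throw;
    }
}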
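/// <summary>
/// Runs a query with an array of named parameters and returns a reader over its rows.
/// </summary>
/// <remarks>
/// The values travel to the server as bound parameters instead of being spliced
/// into the statement text, so they are treated as data and not as SQL.
/// The reader is opened with <see cref="CommandBehavior.CloseConnection"/>, so the
/// connection is released only when the caller closes or disposes the reader.
/// </remarks>
/// <param name="sql">A valid SELECT statement that references the parameters by name.</param>
/// <param name="parameters">
/// The parameters to bind. They stay attached to the command that is created here,
/// so build new SqlParameter objects for each call.
/// </param>
/// <returns>An open SqlDataReader that owns the underlying connection.</returns>
public static SqlDataReader ExecuteReader(string sql, SqlParameter[] parameters)
{
    SqlConnection con = new SqlConnection(constring);
    try
    {
        con.Open();
        SqlCommand cmd = new SqlCommand(sql, con);
        // AddRange attaches the whole array in one call.
        cmd.Parameters.AddRange(parameters);
        return cmd.ExecuteReader(CommandBehavior.CloseConnection);
    }
    catch
    {
        // No reader was handed out, so nothing else will ever close this connection.
        con.Dispose();
        throw;
    }
}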
/// <summary>
/// Runs an INSERT, UPDATE or DELETE statement.
/// </summary>
/// <remarks>
/// No parameters are bound by this overload: pass fixed statement text only, and use
/// one of the SqlParameter overloads for any value that originates from user input.
/// </remarks>
/// <param name="sql">The statement text to execute.</param>
/// <returns>The number of rows affected.</returns>
public static int ExecuteNonQuery(string sql)
{
    SqlConnection connection = new SqlConnection(constring);
    try
    {
        connection.Open();
        return new SqlCommand(sql, connection).ExecuteNonQuery();
    }
    finally
    {
        // Same effect as the using block: the connection is released on every path.
        connection.Dispose();
    }
}
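/// <summary>
/// Runs an INSERT, UPDATE or DELETE statement with an array of named parameters.
/// </summary>
/// <remarks>
/// The values travel to the server as bound parameters instead of being spliced
/// into the statement text, so they are treated as data and not as SQL.
/// </remarks>
/// <param name="sql">The statement text, referencing the parameters by name.</param>
/// <param name="parameters">The parameters to bind; they are detached again before returning.</param>
/// <returns>The number of rows affected.</returns>
public static int ExecuteNonQuery(string sql, SqlParameter[] parameters)
{
    using (SqlConnection con = new SqlConnection(constring))
    using (SqlCommand cmd = new SqlCommand(sql, con))
    {
        con.Open();
        try
        {
            // AddRange is the one-call equivalent of adding each parameter in a loop.
            cmd.Parameters.AddRange(parameters);
            return cmd.ExecuteNonQuery();
        }
        finally
        {
            // A SqlParameter can belong to only one command at a time; detaching here
            // lets the caller pass the same objects to a later call.
            cmd.Parameters.Clear();
        }
    }
}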
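/// <summary>
/// Runs an INSERT, UPDATE or DELETE statement with a single named parameter.
/// </summary>
/// <remarks>
/// The value travels to the server as a bound parameter instead of being spliced
/// into the statement text, so it is treated as data and not as SQL.
/// </remarks>
/// <param name="sql">The statement text, referencing the parameter by name.</param>
/// <param name="parameter">The parameter to bind; it is detached again before returning.</param>
/// <returns>The number of rows affected.</returns>
public static int ExecuteNonQuery(string sql, SqlParameter parameter)
{
    using (SqlConnection con = new SqlConnection(constring))
    using (SqlCommand cmd = new SqlCommand(sql, con))
    {
        con.Open();
        try
        {
            cmd.Parameters.Add(parameter);
            return cmd.ExecuteNonQuery();
        }
        finally
        {
            // A SqlParameter can belong to only one command at a time; detaching here
            // lets the caller pass the same object to a later call.
            cmd.Parameters.Clear();
        }
    }
}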
DAL:
/// <summary>
/// Inserts one row into the company table and returns the result of
/// DBHelper.ExecuteNonQuery (the number of rows affected).
/// </summary>
/// <remarks>
/// Every value is bound through a SqlParameter, so no field of the model is
/// concatenated into the statement text. Parts of this listing are elided by the
/// article (the lines of full-width dots).
/// </remarks>
/// <param name="model">The company whose fields are written.</param>
public static int Insert(company model)
{
// Build the statement: a column list followed by one @placeholder per column.
StringBuilder strSql = new StringBuilder();
strSql.Append("insert into company");
strSql.Append("(FullName,ShortName,Keywords,Description,Type,Property,Style,Capital,Size,Details,Province,City,Address,Postalcode,Tel,Fax,Mailbox,Url,Link,createtime,Poss,Linkman,Product,Userid)");
strSql.Append(" values (");
strSql.Append("@FullName,@ShortName,@Keywords,@Description,@Type,@Property,@Style,@Capital,@Size,@Details,@Province,@City,@Address,@Postalcode,@Tel,@Fax,@Mailbox,@Url,@Link,@Createtime,@Poss,@Linkman,@Product,@Userid)");
// Parameters are declared with a name and type only; the values are assigned by index below.
// NOTE(review): SqlDbType.VarChar is a non-Unicode type and no size is given - confirm both against the column definitions.
SqlParameter[] parameters = {
new SqlParameter("@FullName",SqlDbType.VarChar),
new SqlParameter("@ShortName",SqlDbType.VarChar),
new SqlParameter("@Keywords",SqlDbType.VarChar),
。。。。。。。。。。。。。。。。。。
};
// Alternative form: supply the DBNull fallback when the parameter is constructed, e.g.
//new SqlParameter( PARAM_PASSWORD, password== null ? (object)DBNull.Value : (object)password ),
parameters[0].Value = model.FullName;
parameters[1].Value = ""; // an empty string is stored here; model.ShortName is not used
parameters[2].Value = "";// an empty string is stored here; model.Keywords is not used
parameters[3].Value = model.Description;
parameters[4].Value = model.Type;
parameters[5].Value = model.Property;
parameters[6].Value = model.Style;
parameters[7].Value = model.Capital;
parameters[8].Value = model.Size;
// If model.Details is null, execution fails with "parameter @Details was expected but not supplied",
// so the value must not be assigned directly as parameters[9].Value = model.Details;
// a null reference has to be replaced with DBNull.Value.
// NOTE(review): the assignments above have no such fallback and would presumably fail
// the same way on a null value - confirm which model fields can be null.
parameters[9].Value = model.Details == null ? (object)System.DBNull.Value : model.Details;
//parameters[9].Value = model.Details;
。。。。。。。。。。。。。。。。。。。
return DBHelper.ExecuteNonQuery(strSql.ToString(), parameters);
}
/// <summary>
/// Queries the five most recently created company rows whose poss is '通过' and
/// whose type contains the given text. The code that reads the rows and builds the
/// returned list is elided by the article.
/// </summary>
/// <param name="type">Text to look for inside the type column.</param>
public static List<company> SelectTop5(string type)
{
// LIKE with a SqlParameter: putting the wildcards in the statement around the placeholder
// does not work. The author attributes this to the parameter being quoted, so that the
// clause is read as like '%'type'%'. The wildcards therefore go into the parameter value
// and the statement only says "like @type", as below.
// The value is still bound as data, so it cannot alter the statement. It is not escaped
// for LIKE, however: any %, _ or [ inside `type` acts as a wildcard. Escape those
// characters first if callers must only match the literal text.
string sql = "select top 5 * from company where poss='通过' and type like @type order by createtime desc";
string seach = "%"+type+"%";
// ObjToStr is defined elsewhere - presumably it converts the value to a string; confirm.
// DBHelper.ExecuteReader opens the reader with CommandBehavior.CloseConnection, so the
// elided code must close or dispose `reader` to release the connection.
SqlDataReader reader = DBHelper.ExecuteReader(sql, new SqlParameter("@type",ObjToStr(seach)));
。。。。。。。。。。。。。。。。。。。
}
/// <summary>
/// Updates the company row identified by @Id and returns the result of
/// DBHelper.ExecuteNonQuery (the number of rows affected).
/// </summary>
/// <remarks>
/// All values are bound through SqlParameter objects; part of the parameter list is
/// elided by the article.
/// </remarks>
/// <param name="model">The company whose fields are written.</param>
public static int UpdateComInfo(company model)
{
// NOTE(review): the statement text looks damaged as published - it begins with "set =@Type"
// and contains a stray "]" before "FullName=@FullName". The assignment list that starts at
// FullName is presumably the intended SET clause; verify against the real source before reuse.
string sql11 = "update company set =@Type,[Property]=@Property,Style=@Style,Capital=@Capital,[Size]=@Size,Details=@Details,Province=@Province,City=@City,Address=@Address,Postalcode=@Postalcode,Tel=@Tel,Fax=@Fax,Mailbox=@Mailbox,Url=@Url,Link=@Link,createtime=@Createtime,Poss=@Poss,Linkman=@Linkman,Product=@Product,Userid=@Userid]FullName=@FullName,ShortName=@ShortName,Keywords=@Keywords,Description=@Description,[Type]=@Type,[Property]=@Property,Style=@Style,Capital=@Capital,[Size]=@Size,Details=@Details,Province=@Province,City=@City,Address=@Address,Postalcode=@Postalcode,Tel=@Tel,Fax=@Fax,Mailbox=@Mailbox,Url=@Url,Link=@Link,createtime=@Createtime,Poss=@Poss,Linkman=@Linkman,Product=@Product,Userid=@Userid where Id=@Id";
// Here each parameter gets its value in the constructor.
// ObjToStr is defined elsewhere - presumably it converts the value to a string; confirm.
// The statement also needs @Id; it is presumably among the elided entries.
SqlParameter[] parameters = {
new SqlParameter("@FullName",ObjToStr(model.FullName)),
new SqlParameter("@ShortName",ObjToStr(model.ShortName)),
new SqlParameter("@Keywords",ObjToStr(model.Keywords)),
。。。。。。。。。。。。。。。。。。。
};
return DBHelper.ExecuteNonQuery(sql11,parameters);
}
/// <summary>
/// Queries the company row whose Id equals the given value. The code that reads the
/// row and builds the returned object is elided by the article.
/// </summary>
/// <param name="id">The Id to look up, bound as the @id parameter.</param>
public static company SelectById(string id)
{
// The id is bound as a parameter rather than concatenated, so it is treated as data.
string sql = "select * from company where Id=@id";
// ObjToStr is defined elsewhere - presumably it converts the value to a string; confirm.
// DBHelper.ExecuteReader opens the reader with CommandBehavior.CloseConnection, so the
// elided code must close or dispose `reader` to release the connection.
SqlDataReader reader = DBHelper.ExecuteReader(sql, new SqlParameter("@id", ObjToStr(id)));
。。。。。。。。。。。。。。。。
}