²ÎÊý»¯SQLÓï¾äSqlParameter

±ÜÃâSQL×¢ÈëµÄ·½·¨ÓÐÁ½ÖÖ£ºÒ»ÊÇËùÓеÄSQLÓï¾ä¶¼´æ·ÅÔÚ´æ´¢¹ý³ÌÖУ¬ÕâÑù²»µ«¿ÉÒÔ±ÜÃâSQL×¢È룬»¹ÄÜÌá¸ßһЩÐÔÄÜ£¬²¢ÇÒ´æ´¢¹ý³Ì¿ÉÒÔÓÉרÃŵÄÊý¾Ý¿â¹ÜÀíÔ±(DBA)±àдºÍ¼¯ÖйÜÀí£¨ÕâÖÖ×ö·¨ÎÒÔÚһЩ¹«Ë¾¼û¹ý£©£¬²»¹ýÕâÖÖ×ö·¨ÓÐʱºòÕë¶ÔÏàͬµÄ¼¸¸ö±íÓв»Í¬Ìõ¼þµÄ²éѯ£¬SQLÓï¾ä¿ÉÄܲ»Í¬£¬ÕâÑù¾Í»á±àд´óÁ¿µÄ´æ´¢¹ý³Ì£¬ËùÒÔÓÐÈËÌá³öÁ˵ڶþÖÖ·½°¸£º²ÎÊý»¯SQLÓï¾ä¡£ÀýÈçÎÒÃÇÔÚ±¾ÆªÖд´½¨µÄ±íUserInfoÖвéÕÒËùÓÐÅ®ÐÔÓû§£¬ÄÇôͨ³£Çé¿öÏÂÎÒÃǵÄSQLÓï¾ä¿ÉÄÜÊÇÕâÑù£º
select * from UserInfo where sex=0
ÔÚ²ÎÊý»¯SQLÓï¾äÖÐÎÒÃǽ«ÊýÖµÒÔ²ÎÊý»¯µÄÐÎʽÌṩ£¬¶ÔÓÚÉÏÃæµÄ²éѯ£¬ÎÒÃÇÓòÎÊý»¯SQLÓï¾ä±íʾΪ£º
select * from UserInfo where sex=@sex
ÎÒÃÇÔÙ¶Ô´úÂëÖжÔÕâ¸öSQLÓï¾äÖеIJÎÊý½øÐи³Öµ£¬¼ÙÈçÎÒÃÇÒª²éÕÒUserInfo±íÖÐËùÓÐÄêÁä´óÓÚ30ËêµÄÄÐÐÔÓû§£¬Õâ¸ö²ÎÊý»¯SQLÓï¾ä¿ÉÒÔÕâôд£º
select * from UserInfo where sex=@sex and age>@age
ÏÂÃæÊÇÖ´ÐÐÕâ¸ö²éѯ²¢ÇÒ½«²éѯ½á¹û¼¯ÒÔDataTableµÄ·½Ê½·µ»ØµÄ´úÂ룺
C# code
//ʵÀý»¯Connection¶ÔÏó
SqlConnection connection = new SqlConnection("Data Source=(local);Initial Catalog=AspNetStudy;Persist Security Info=True;User ID=sa;Password=sa");
//ʵÀý»¯Command¶ÔÏó
SqlCommand command = new SqlCommand("select * from UserInfo where sex=@sex and age>@age", connection);
//µÚÒ»ÖÖÌí¼Ó²éѯ²ÎÊýµÄÀý×Ó
command.Parameters.AddWithValue("@sex", true);
//µÚ¶þÖÖÌí¼Ó²éѯ²ÎÊýµÄÀý×Ó
SqlParameter parameter = new SqlParameter("@age", SqlDbType.Int);//×¢ÒâUserInfo±íÀïage×Ö¶ÎÊÇintÀàÐ͵Ä
parameter.Value = 30;
command.Parameters.Add(parameter);//Ìí¼Ó²ÎÊý
//ʵÀý»¯DataAdapter
SqlDataAdapter adapter = new SqlDataAdapter(command);
DataTable data = new DataTable();