SqlParameter类——带参数的SQL语句

 

SqlParameter 类

表示 SqlCommand 的参数，也可以是它到 DataSet 列的映射。无法继承此类。

命名空间：  System.Data.SqlClient

程序集：  System.Data（在 System.Data.dll 中）

举例1

    string strconn = "Data Source=xxx;user id=sa;pwd=;initial catalog=gltest";        SqlConnection Conn = new SqlConnection(strconn);        Conn.Open();

    // 声明参数        string sql = "insert into users(name,pwd) values (@name,@pwd)";         SqlCommand cmd = new SqlCommand(sql, Conn);

 

    // 添加参数         cmd.Parameters.Add(new SqlParameter("@name", SqlDbType.NVarChar, 50));        cmd.Parameters.Add(new SqlParameter("@pwd", SqlDbType.NVarChar, 50));

 

   // 为参数赋值         cmd.Parameters["@name"].Value = this.TextBox1.Text;        cmd.Parameters["@pwd"].Value = this.TextBox2.Text;

       cmd.ExecuteNonQuery();        Conn.Close();  

 

comm.Parameters.Add()添加参数到参数集即（添加参数列表）,add里面的第一个参数是要添加的参数名,第二个参数是参数的数据类型Parameters的作用就是把存储过程执行结束后得到的参数传到程序里。

第一个是参数名,第二个是参数类型,第三个是长度

 

举例二：

   ///        /// 更新一条数据        ///        public bool Update(Model.MonitoringPointsStatusInfo model)        {            StringBuilder strSql = new StringBuilder();            strSql.Append("update TB_MonitoringPointsStatus set ");            strSql.Append("PointID=@PointID,");            strSql.Append("PointName=@PointName,");            strSql.Append("Date=@Date,");            strSql.Append("DangerousLevel=@DangerousLevel,");            strSql.Append("IsUpload=@IsUpload,");            strSql.Append("IsCheck=@IsCheck,");            strSql.Append("IsSafe=@IsSafe,");            strSql.Append("CycleTime=@CycleTime,");            strSql.Append("ColumnValue=@ColumnValue,");              strSql.Append("IsApproval=@IsApproval,");            strSql.Append("CheckUser=@CheckUser,");            strSql.Append("CheckRealName=@CheckRealName,");            strSql.Append("Note=@Note");

       strSql.Append(" where ID=@ID");            SqlParameter[] parameters = {                         new SqlParameter("@ID", SqlDbType.Int,4),                         new SqlParameter("@PointID", SqlDbType.Int,4),                         new SqlParameter("@PointName", SqlDbType.NVarChar,50),                         new SqlParameter("@Date", SqlDbType.DateTime),                         new SqlParameter("@DangerousLevel", SqlDbType.Char,1),                         new SqlParameter("@IsUpload", SqlDbType.Bit,1),                         new SqlParameter("@IsCheck", SqlDbType.Bit,1),                         new SqlParameter("@CycleTime",SqlDbType.Char,12),                         new SqlParameter("@IsSafe", SqlDbType.Bit,1),                         new SqlParameter("@ColumnValue", SqlDbType.Int),

                    new SqlParameter("@IsApproval", SqlDbType.Bit,1),                         new SqlParameter("@CheckUser", SqlDbType.Int),                         new SqlParameter("@CheckRealName", SqlDbType.NVarChar,50),                         new SqlParameter("@Note", SqlDbType.Text)                                        };

           parameters[0].Value = model.ID;            parameters[1].Value = model.PointID;            parameters[2].Value = model.PointName;            parameters[3].Value = model.Date;            parameters[4].Value = model.DangerousLevel;            parameters[5].Value = model.IsUpload;            parameters[6].Value = model.IsCheck;            parameters[7].Value = model.CycleTime;            parameters[8].Value = model.IsSafe;            parameters[9].Value = model.ColumnValue;

        parameters[10].Value = model.IsApproval;            parameters[11].Value = model.CheckUser;            parameters[12].Value = model.CheckRealName;            parameters[13].Value = model.Note;

           int rows = DBHelper.ExecuteSql(strSql.ToString(), parameters);            if (rows > 0)            {                return true;            }            else            {                return false;            }         } 

参考博客：http://liuyuanjian82.blog.163.com/blog/static/40093839200942732222918/