params SqlParameter[] commandParameters的理解

最新推荐文章于 2022-12-21 20:00:06 发布
原创 最新推荐文章于 2022-12-21 20:00:06 发布 · 1.3k 阅读 · 1 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#C #C++ #C#

本文介绍了如何在.NET中使用params参数进行数据库操作,包括单参数和多参数的传递方式,并展示了具体的代码示例。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >


ExecuteReader(string connectionString, CommandType commandType, string commandText, params SqlParameter[] commandParameters)


[size=medium]
以params 声明的参数是说明参数的个数是可选的,可以为0个或多个。当多个时,以“,”分开传入
[/size]

一个参数:

ExecuteReader(System.Data.CommandType.Text,"select * from table1 where id =@id",new System.Data.SqlClient.SqlParameter("@id",12));

多个参数:

ExecuteReader(System.Data.CommandType.Text,"select * from table1 where id =@id and name=@name",
new System.Data.SqlClient.SqlParameter("@id",12),new System.Data.SqlClient.SqlParameter("@name","中国"));


可以这样调用

public static int ExecuteNonQuery(SqlConnection connection, CommandType cmdType, string cmdText, params   SqlParameter[] commandParameters)
        {
            //...
        }

SqlParameter   a   =   SqlParameter a = new SqlParameter("@name", "中国");
SqlParameter   b   =   SqlParameter a = new SqlParameter("@name", "中国");
SqlParameter   c   =   SqlParameter a = new SqlParameter("@name", "中国");
SqlParameter   d   =   SqlParameter a = new SqlParameter("@name", "中国");
ExecuteNonQuery(conn,   cmdType,   cmdText,   a,   b,   c,   d);


[size=medium]
因为是params 声明的,所以这个参数你可以不填。或传入一个事先设置好的SqlParameter类型的数组。
[/size]
【愚公系列】2024年01月 WPF+上位机+工业互联 090-ADO.NET的基本使用
时光隧道
09-07 2万+
数据库操作是指对数据库进行各种操作的行为,如增加、删除、修改、查询等。编程语言需要进行数据库操作,是因为数据库是一种存储和管理数据的方法,可以方便地存储和访问大量数据,因此在各种应用场景下,需要使用数据库来存储和管理数据,以提高数据存储和访问的效率和准确性。编程语言通过使用数据库操作的相关语句和接口,可以对数据库进行各种操作,从而实现对数据的存储和访问。
C#SQLServer数据库操作类
除却猩猩不是猿
03-15 3265
using System; using System.Collections.Generic; using System.Text; using System.Configuration; using System.Data; using System.Data.SqlClient; using System.Reflection; namespace {namespace}.DBUtilit
params SqlParameter[] commandParameters
sdh_down的专栏
08-20 6712
C#代码   ExecuteReader(string connectionString, CommandType commandType, string commandText, params SqlParameter[] commandParameters)   以params声明的形参说明参数的个数是可选的,可以为0个或多个。 以params声明的形参中含一个参数数组,则该参数数组
对ExecuteNonQuery,ExecuteScalar,DataSet 进行封装(params可变参数的用法)Sqlparameter
Fanbin168的专栏
03-14 5013
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Data.SqlClient; using System.Configuration; using System.Data; namespace 封装 { class SQLHelper
SqlParameter 实现数据库的插入操作,防止sql注入。
weixin_33874713的博客
04-22 153
今天学习了一下SqlParameter的用法,原来这么写是为了防止sql注入,破坏数据库的。并自己动手连接了数据库。 例子:  点击Button1按钮的时候就把数据插入数据库中。 using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web....
C#操作sqlite数据库使用SQLiteParameter传递参数
weixin_34072857的博客
09-02 2538
C# code public void AddIMG_ENTRY(img_entry model) { StringBuilder strSql = new StringBuilder(); strSql.Append("insert into IMG_ENTRY("); strSql.Append(...
SqlParameter参数方式操作数据库(存储过程)
weixin_30817749的博客
03-19 308
DataBase.cs View Code using System; using System.Data; using System.Configuration; using System.Linq; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web...
ConnDBHelper的内容是 public static int ExecuteCommand(string safeSql) { SqlCommand cmd = new SqlCommand(safeSql, Connection); int result=cmd.ExecuteNonQuery(); return result; } public static int ExecuteCommand(string Sql,params SqlParameter[] values) { SqlCommand cmd = new SqlCommand(Sql, Connection); cmd.Parameters.AddRange(values); return cmd.ExecuteNonQuery(); }
06-08
根据您提供的 ConnDBHelper 的内容,我们可以看到 ConnDBHelper 提供了两个方法,分别是 ExecuteCommand(string safeSql) 和 ExecuteCommand(string Sql,params SqlParameter[] values)。这两个方法都是用于执行 SQL...
using System; using System.Collections.Generic; using System.Text; using System.Data; using System.Data.SqlClient; using System.Collections; using System.Configuration; namespace DBUtility { public class DbHelperSQL { // Fields public static string connectionString; // Methods static DbHelperSQL() { connectionString = ConfigurationManager.AppSettings["ConnectionString"]; } public DbHelperSQL() { } private static SqlCommand BuildIntCommand(SqlConnection connection, string storedProcName, IDataParameter[] parameters) { SqlCommand command = BuildQueryCommand(connection, storedProcName, parameters); command.Parameters.Add(new SqlParameter("ReturnValue", SqlDbType.Int, 4, ParameterDirection.ReturnValue, false, 0, 0, string.Empty, DataRowVersion.Default, null)); return command; } private static SqlCommand BuildQueryCommand(SqlConnection connection, string storedProcName, IDataParameter[] parameters) { SqlCommand command = new SqlCommand(storedProcName, connection); command.CommandType = CommandType.StoredProcedure; foreach (SqlParameter parameter in parameters) { if (parameter != null) { if (((parameter.Direction == ParameterDirection.InputOutput) || (parameter.Direction == ParameterDirection.Input)) && (parameter.Value == null)) { parameter.Value = DBNull.Value; } command.Parameters.Add(parameter); } } return command; } public static SqlDataReader ExecuteReader(string strSQL) { SqlDataReader dr; SqlConnection connection = new SqlConnection(connectionString); SqlCommand cmd = new SqlCommand(strSQL, connection); try { connection.Open(); dr= cmd.ExecuteReader(); } catch (SqlException e) { throw new Exception(e.Message); } return dr; } public static SqlDataReader ExecuteReader(string SQLString, params SqlParameter[] cmdParms) { SqlDataReader dr; SqlConnection connection = new SqlConnection(connectionString); SqlCommand cmd = new SqlCommand(); try { PrepareCommand(cmd, connection, null, SQLString, cmdParms); SqlDataReader myReader = cmd.ExecuteReader(); cmd.Parameters.Clear(); dr = myReader; } catch (SqlException e) { throw new Exception(e.Message); } return dr; } public static int ExecuteSql(string SQLString) { int count; using (SqlConnection connection = new SqlConnection(connectionString)) { using (SqlCommand cmd = new SqlCommand(SQLString, connection)) { try { connection.Open(); return cmd.ExecuteNonQuery(); } catch (SqlException E) { connection.Close(); throw new Exception(E.Message); } } } return count; } public static int ExecuteSql(string SQLString, string content) { int count; using (SqlConnection connection = new SqlConnection(connectionString)) { SqlCommand cmd = new SqlCommand(SQLString, connection); SqlParameter myParameter = new SqlParameter("@content", SqlDbType.NText); myParameter.Value = content; cmd.Parameters.Add(myParameter); try { connection.Open(); count = cmd.ExecuteNonQuery(); } catch (SqlException E) { throw new Exception(E.Message); } finally { cmd.Dispose(); connection.Close(); } } return count; } public static int ExecuteSql(string SQLString, params SqlParameter[] cmdParms) { int count; using (SqlConnection connection = new SqlConnection(connectionString)) { using (SqlCommand cmd = new SqlCommand()) { try { PrepareCommand(cmd, connection, null, SQLString, cmdParms); int rows = cmd.ExecuteNonQuery(); cmd.Parameters.Clear(); return rows; } catch (SqlException E) { throw new Exception(E.Message); } } } return count; } public static int ExecuteSqlByTime(string SQLString, int Times) { int count; using (SqlConnection connection = new SqlConnection(connectionString)) { using (SqlCommand cmd = new SqlCommand(SQLString, connection)) { try { connection.Open(); cmd.CommandTimeout = Times; return cmd.ExecuteNonQuery(); } catch (SqlException E) { connection.Close(); throw new Exception(E.Message); } } } return count; } public static object ExecuteSqlGet(string SQLString, string content) { object esg; using (SqlConnection connection = new SqlConnection(connectionString)) { SqlCommand cmd = new SqlCommand(SQLString, connection); SqlParameter myParameter = new SqlParameter("@content", SqlDbType.NText); myParameter.Value = content; cmd.Parameters.Add(myParameter); try { connection.Open(); object obj = cmd.ExecuteScalar(); if (object.Equals(obj, null) || object.Equals(obj, DBNull.Value)) { return null; } esg = obj; } catch (SqlException E) { throw new Exception(E.Message); } finally { cmd.Dispose(); connection.Close(); } } return esg; } public static int ExecuteSqlInsertImg(string strSQL, byte[] fs) { int count; using (SqlConnection connection = new SqlConnection(connectionString)) { SqlCommand cmd = new SqlCommand(strSQL, connection); SqlParameter myParameter = new SqlParameter("@fs", SqlDbType.Image); myParameter.Value = fs; cmd.Parameters.Add(myParameter); try { connection.Open(); count = cmd.ExecuteNonQuery(); } catch (SqlException E) { throw new Exception(E.Message); } finally { cmd.Dispose(); connection.Close(); } } return count; } public static void ExecuteSqlTran(ArrayList SQLStringList) { using (SqlConnection conn = new SqlConnection(connectionString)) { conn.Open(); SqlCommand cmd = new SqlCommand(); cmd.Connection = conn; SqlTransaction tx = conn.BeginTransaction(); cmd.Transaction = tx; try { for (int n = 0; n < SQLStringList.Count; n++) { string strsql = SQLStringList[n].ToString(); if (strsql.Trim().Length > 1) { cmd.CommandText = strsql; cmd.ExecuteNonQuery(); } } tx.Commit(); } catch (SqlException E) { tx.Rollback(); throw new Exception(E.Message); } } } public static void ExecuteSqlTran(Hashtable SQLStringList) { using (SqlConnection conn = new SqlConnection(connectionString)) { conn.Open(); using (SqlTransaction trans = conn.BeginTransaction()) { SqlCommand cmd = new SqlCommand(); try { foreach (DictionaryEntry myDE in SQLStringList) { string cmdText = myDE.Key.ToString(); SqlParameter[] cmdParms = (SqlParameter[])myDE.Value; PrepareCommand(cmd, conn, trans, cmdText, cmdParms); int val = cmd.ExecuteNonQuery(); cmd.Parameters.Clear(); trans.Commit(); } } catch { trans.Rollback(); throw; } } } } public static bool Exists(string strSql) { int cmdresult; object obj = GetSingle(strSql); if (object.Equals(obj, null) || object.Equals(obj, DBNull.Value)) { cmdresult = 0; } else { cmdresult = int.Parse(obj.ToString()); } if (cmdresult == 0) { return false; } return true; } public static bool Exists(string strSql, params SqlParameter[] cmdParms) { int cmdresult; object obj = GetSingle(strSql, cmdParms); if (object.Equals(obj, null) || object.Equals(obj, DBNull.Value)) { cmdresult = 0; } else { cmdresult = int.Parse(obj.ToString()); } if (cmdresult == 0) { return false; } return true; } public static int GetMaxID(string FieldName, string TableName) { object obj = GetSingle("select max(" + FieldName + ")+1 from " + TableName); if (obj == null) { return 1; } return int.Parse(obj.ToString()); } public static object GetSingle(string SQLString) { object gs; using (SqlConnection connection = new SqlConnection(connectionString)) { using (SqlCommand cmd = new SqlCommand(SQLString, connection)) { try { connection.Open(); object obj = cmd.ExecuteScalar(); if (object.Equals(obj, null) || object.Equals(obj, DBNull.Value)) { return null; } return obj; } catch (SqlException e) { connection.Close(); throw new Exception(e.Message); } } } return gs; } public static object GetSingle(string SQLString, params SqlParameter[] cmdParms) { object gs; using (SqlConnection connection = new SqlConnection(connectionString)) { using (SqlCommand cmd = new SqlCommand()) { try { PrepareCommand(cmd, connection, null, SQLString, cmdParms); object obj = cmd.ExecuteScalar(); cmd.Parameters.Clear(); if (object.Equals(obj, null) || object.Equals(obj, DBNull.Value)) { return null; } return obj; } catch (SqlException e) { throw new Exception(e.Message); } } } return gs; } private static void PrepareCommand(SqlCommand cmd, SqlConnection conn, SqlTransaction trans, string cmdText, SqlParameter[] cmdParms) { if (conn.State != ConnectionState.Open) { conn.Open(); } cmd.Connection = conn; cmd.CommandText = cmdText; if (trans != null) { cmd.Transaction = trans; } cmd.CommandType = CommandType.Text; if (cmdParms != null) { foreach (SqlParameter parameter in cmdParms) { if (((parameter.Direction == ParameterDirection.InputOutput) || (parameter.Direction == ParameterDirection.Input)) && (parameter.Value == null)) { parameter.Value = DBNull.Value; } cmd.Parameters.Add(parameter); } } } public static DataSet Query(string SQLString) { using (SqlConnection connection = new SqlConnection(connectionString)) { DataSet ds = new DataSet(); try { connection.Open(); new SqlDataAdapter(SQLString, connection).Fill(ds, "ds"); } catch (SqlException ex) { throw new Exception(ex.Message); } return ds; } } public static DataSet Query(string SQLString,int pageindx,int pagesize,string tablename) { using (SqlConnection connection = new SqlConnection(connectionString)) { DataSet ds = new DataSet(); try { connection.Open(); new SqlDataAdapter(SQLString, connection).Fill(ds,pageindx,pagesize,tablename); } catch (SqlException ex) { throw new Exception(ex.Message); } return ds; } } public static DataSet Query(string SQLString, int Times) { using (SqlConnection connection = new SqlConnection(connectionString)) { DataSet ds = new DataSet(); try { connection.Open(); SqlDataAdapter command = new SqlDataAdapter(SQLString, connection); command.SelectCommand.CommandTimeout = Times; command.Fill(ds, "ds"); } catch (SqlException ex) { throw new Exception(ex.Message); } return ds; } } public static DataSet Query(string SQLString, params SqlParameter[] cmdParms) { DataSet dsq; using (SqlConnection connection = new SqlConnection(connectionString)) { SqlCommand cmd = new SqlCommand(); PrepareCommand(cmd, connection, null, SQLString, cmdParms); using (SqlDataAdapter da = new SqlDataAdapter(cmd)) { DataSet ds = new DataSet(); try { da.Fill(ds, "ds"); cmd.Parameters.Clear(); } catch (SqlException ex) { throw new Exception(ex.Message); } dsq = ds; } } return dsq; } public static DataSet Query(string SQLString,string tablename) { using (SqlConnection connection = new SqlConnection(connectionString)) { DataSet ds = new DataSet(); try { connection.Open(); new SqlDataAdapter(SQLString, connection).Fill(ds, tablename); } catch (SqlException ex) { throw new Exception(ex.Message); } return ds; } } public static SqlDataReader RunProcedure(string storedProcName, IDataParameter[] parameters) { SqlConnection connection = new SqlConnection(connectionString); connection.Open(); SqlCommand command = BuildQueryCommand(connection, storedProcName, parameters); command.CommandType = CommandType.StoredProcedure; return command.ExecuteReader(); } public static int RunProcedure(string storedProcName, IDataParameter[] parameters, out int rowsAffected) { using (SqlConnection connection = new SqlConnection(connectionString)) { connection.Open(); SqlCommand command = BuildIntCommand(connection, storedProcName, parameters); rowsAffected = command.ExecuteNonQuery(); int result = (int)command.Parameters["ReturnValue"].Value; connection.Close(); return result; } } public static DataSet RunProcedure(string storedProcName, IDataParameter[] parameters, string tableName) { using (SqlConnection connection = new SqlConnection(connectionString)) { DataSet dataSet = new DataSet(); connection.Open(); SqlDataAdapter sqlDA = new SqlDataAdapter(); sqlDA.SelectCommand = BuildQueryCommand(connection, storedProcName, parameters); sqlDA.Fill(dataSet, tableName); connection.Close(); return dataSet; } } public static DataSet RunProcedure(string storedProcName, IDataParameter[] parameters, string tableName, int Times) { using (SqlConnection connection = new SqlConnection(connectionString)) { DataSet dataSet = new DataSet(); connection.Open(); SqlDataAdapter sqlDA = new SqlDataAdapter(); sqlDA.SelectCommand = BuildQueryCommand(connection, storedProcName, parameters); sqlDA.SelectCommand.CommandTimeout = Times; sqlDA.Fill(dataSet, tableName); connection.Close(); return dataSet; } } public static void RunStatProcedure(string storedProcName, IDataParameter[] parameters, out int rowsAffected) { using (SqlConnection connection = new SqlConnection(connectionString)) { connection.Open(); SqlCommand command = BuildIntCommand(connection, storedProcName, parameters); rowsAffected = command.ExecuteNonQuery(); connection.Close(); } } } }
最新发布
07-25
public static DataTable ExecuteDataTable(string cmdText, params SqlParameter[] parameters) { using (SqlConnection conn = new SqlConnection(connectionString)) { conn.Open(); using (SqlCommand cmd...
C#个人珍藏基础类库分享 — 6、数据库处理帮助类SqlHelper
MarcoPro的博客
12-21 1238
做.NET开发的同学,一套简单易用的基础类库是必不可少的,这里把我混迹C#圈子十余载珍藏的类库分享出来,希望能够给刚踏入开发门槛的朋友一些帮助。数据库操作是后台开发每天都会接触到的,这里从简单sql操作、带参数sql操作和存储过程操作这几个方面进行了整理。C#个人珍藏基础类库分享 — 6、数据库处理帮助类SqlHelper。C#个人珍藏基础类库分享 — 7、Xml处理帮助类XmlHelper。C#个人珍藏基础类库分享 — 8、通用工具帮助类ToolHelper。2、执行带参数的SQL语句。
C# 关于 Command.Parameters
热门推荐
小猪的Blog
03-16 1万+
         一开始使用OleDbCommand.Parameters 属性采用命名的参数的形式,虽然编译可以通过,但是只与参数顺序有关,而不能赋值给参数,还以为是微软的Bug,后才知道自己错了.查MSDN整理下:关于OleDbCommand.Parameters 属性      如果 CommandType 设置为 Text,OLE DB .NET 提供程序不支持将参数传递给 OleDb
SqlParameter的作用与用法
ay991120的博客
10-13 950
一般来说,在更新DataTable或是DataSet时,如果不采用SqlParameter,那么当输入的Sql语句出现歧义时,如字符串中含有单引号,程序就会发生错误,并且他人可以轻易地通过拼接Sql语句来进行注入攻击。 sqlhelper里: AddRange方法 public static string connstr = ConfigurationManager.ConnectionStrings["sql"].ConnectionString; //查询语句
c# mysql 增删改查 避免sqlparameter_C#对数据库的操作(增删改查)
weixin_34781110的博客
02-23 184
1、【在web.config文件中配置】2、【连接字符串】private static readonly string StrCon = ConfigurationManager.ConnectionStrings["sqlConnection"].ToString();3、【查询数据方法】 /// /// 查询数据/// /// 查询语句/// 参数/// public static DataT...
SqlParameter 多个参数动态拼接解决参数化问题
weixin_33738555的博客
05-02 1318
多个参数化是固定比较easy,多个动态的就有点。。。工作中遇到的问题整理下来分享 ,上代码 SqlParameter[] param = new SqlParameter[] { }; List&lt;SqlParameter&gt; sqlParameterList = new List&lt;SqlParameter&gt;(); /...
SqlCommand的Parameters的用法
weixin_30369087的博客
03-09 346
SqlCommand的Parameters的用法 可以用的SqlCommand的Parameters的方法SqlCommand cmd=new ("insert into notice(ly_title) values(@ly_title)",conn);//一、最正规的写法。cmd.Parameters.Add(new SqlParameter("@ly_title",SqlDbType.N...
sql参数数组,及调用。SqlParameter[] Parameters
雨水霂
03-17 7032
1、参数数组: SqlParameter[] Parameters = new SqlParameter[] { new SqlParameter("@ID", ID), new SqlParameter("@Bh", Bh), new SqlParameter("@StuffName", StuffName), new SqlParameter("@Sex", Sex), new SqlP
SqlHelper(带详细中文注释)
深海之蓝的个人专栏
05-24 798
using System;using System.Data;using System.Xml;using System.Data.SqlClient;using System.Collections;namespace hkszyy{ ///  /// SqlServer数据访问帮助类 ///  public sealed class SqlHelper {  #region 私有构造函数和
如何使用Command对象
技术=生存?!
01-22 1372
使用命令对象 命令对象代表一个命令(例如,一个SQL查询或一个SQL存储过程)。用连接对象的Execute方法和记录集对象的Open方法可以用来执行命令字符串。考虑下面这两个例子:         RS.Open "SELECT * FROM Mytable",MyConn        MyConn.Execute "UPDATE Mytable SET Mycolumn=He
mysql增删改查_C# ADO.NET 实现对MySql数据库的增删改查
weixin_39883440的博客
11-16 442
1、创建数据库和表创建数据库:CREATE DATABASE `AuthorizationData`创建表:CREATE TABLE `AuthorizationData`.`InstrumentNewTable` ( `ID` int(10) unsigned NOT NULL AUTO_INCREMENT, `Name` varchar(100) DEFAULT '""', `MachineI...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值