在C#里面如何写参数化sql语句,参数个数不定,就像多条件查询
日期:2014-05-18 浏览次数:20660 次
在C#里面怎么写参数化sql语句,参数个数不定,就像多条件查询
如题
------解决方案--------------------
写一个存储过程
[code=sql]
ALTER PROCEDURE dbo.Infosearch
(
@bmid smallint = null,
@xm varchar(10)=null,
@xb varchar(10)=null,
@strage smallint=null,
@endage smallint=null,
@zzmm varchar(10)=null,
@xl varchar(10)=null,
@zw varchar(10)=null
)
AS
/* SET NOCOUNT ON */
declare @sql varchar(100)
if @bmid is not null
begin
set @sql=' where 部门ID='+Convert(varchar(10),@bmid)
end
if @xm is not null
begin
if @sql is not null
set @sql=@sql+' and 姓名like'+@xm
else set @sql=' where 姓名like'+@xm
end
if @xb is not null
begin
if @sql is not null
set @sql=@sql+' and 性别='+@xb
else set @sql=' where 性别='+@xb
end
if @strage is not null
begin
if @sql is not null
set @sql=@sql+' and 年龄between '+Convert(varchar(10),@strage)
else set @sql=' where 年龄between '+Convert(varchar(10),@strage)
end
if @endage is not null
begin
set @sql=@sql+' and '+Convert(varchar(10),@endage)
end
if @zzmm is not null
begin
if @sql is not null
set @sql=@sql+' and 政治面貌='+@zzmm
else set @sql=' where 政治面貌='+@zzmm
end
if @xl is not null
begin
if @sql is not null
set @sql=@sql+' and 学历='+@xl
else set @sql=' where 学历='+@xl
end
if @zw is not null
begin
if @sql is not null
set @sql=@sql+' and 职位='+@zw
else set @sql=' where 职位='+@zw
end
exec('select 职工号,姓名,性别,年龄,学历,婚姻状况,政治面貌from yuangong'+@sql)
RETURN
[/code]
------解决方案--------------------
public static IDataReader ExecuteReader(DbCommand comm, string sql, params object[] value)
{
comm.CommandText = sql;
if (value != null && value.Length >= 0)
{
if (comm.CommandText.IndexOf("?") == -1)
{
string[] temp = sql.Split('@');
for (int i = 0; i < value.Length; i++)
{
string pName;
if (temp[i + 1].IndexOf(" ") > -1)
{
pName = "@" + temp[i + 1].Substring(0, temp[i + 1].IndexOf(" "));
}
else
{
pName = "@" + temp[i + 1];
}
//pName = "@p" + (i + 1).ToString();
DbParameter p = comm.CreateParameter();
p.DbType = DbType.String;
p.ParameterName = pName;
p.Value = value[i];
comm.Parameters.Add(p);
}
}
else
{
string[] temp = sql.Split('?');
for (int i = 0; i < value.Length; i++)
{
temp[i] = temp[i] + "@p" + (i + 1).ToString();
string pName = "@p" + (i + 1).ToString();
DbParameter p = comm.CreateParameter();
p.DbType = DbType.String;
如题
------解决方案--------------------
写一个存储过程
[code=sql]
ALTER PROCEDURE dbo.Infosearch
(
@bmid smallint = null,
@xm varchar(10)=null,
@xb varchar(10)=null,
@strage smallint=null,
@endage smallint=null,
@zzmm varchar(10)=null,
@xl varchar(10)=null,
@zw varchar(10)=null
)
AS
/* SET NOCOUNT ON */
declare @sql varchar(100)
if @bmid is not null
begin
set @sql=' where 部门ID='+Convert(varchar(10),@bmid)
end
if @xm is not null
begin
if @sql is not null
set @sql=@sql+' and 姓名like'+@xm
else set @sql=' where 姓名like'+@xm
end
if @xb is not null
begin
if @sql is not null
set @sql=@sql+' and 性别='+@xb
else set @sql=' where 性别='+@xb
end
if @strage is not null
begin
if @sql is not null
set @sql=@sql+' and 年龄between '+Convert(varchar(10),@strage)
else set @sql=' where 年龄between '+Convert(varchar(10),@strage)
end
if @endage is not null
begin
set @sql=@sql+' and '+Convert(varchar(10),@endage)
end
if @zzmm is not null
begin
if @sql is not null
set @sql=@sql+' and 政治面貌='+@zzmm
else set @sql=' where 政治面貌='+@zzmm
end
if @xl is not null
begin
if @sql is not null
set @sql=@sql+' and 学历='+@xl
else set @sql=' where 学历='+@xl
end
if @zw is not null
begin
if @sql is not null
set @sql=@sql+' and 职位='+@zw
else set @sql=' where 职位='+@zw
end
exec('select 职工号,姓名,性别,年龄,学历,婚姻状况,政治面貌from yuangong'+@sql)
RETURN
[/code]
------解决方案--------------------
public static IDataReader ExecuteReader(DbCommand comm, string sql, params object[] value)
{
comm.CommandText = sql;
if (value != null && value.Length >= 0)
{
if (comm.CommandText.IndexOf("?") == -1)
{
string[] temp = sql.Split('@');
for (int i = 0; i < value.Length; i++)
{
string pName;
if (temp[i + 1].IndexOf(" ") > -1)
{
pName = "@" + temp[i + 1].Substring(0, temp[i + 1].IndexOf(" "));
}
else
{
pName = "@" + temp[i + 1];
}
//pName = "@p" + (i + 1).ToString();
DbParameter p = comm.CreateParameter();
p.DbType = DbType.String;
p.ParameterName = pName;
p.Value = value[i];
comm.Parameters.Add(p);
}
}
else
{
string[] temp = sql.Split('?');
for (int i = 0; i < value.Length; i++)
{
temp[i] = temp[i] + "@p" + (i + 1).ToString();
string pName = "@p" + (i + 1).ToString();
DbParameter p = comm.CreateParameter();
p.DbType = DbType.String;
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
