日期:2014-05-17 浏览次数:20507 次
public List<string> Columns {
get {
List<string> _columns = new List<string>();
_columns.Add("UserName");
_columns.Add("MobileNo");
return _columns;
}
}
public void GetList(Dictionary<string, string> ps) {
string sql = "SELECT * FROM Users WHERE 1 = 1 ";
string sqlWhere = "";
List<SqlParameter> lst = new List<SqlParameter>();
foreach (var p in ps) {
if (Columns.Contains(p.Key)) {
lst.Add(new SqlParameter(p.Key, p.Value));
sqlWhere += string.Format("AND {0} = @{0}", p.Key);
}
}
SqlConnection conn = new SqlConnection("Initial Catalog=UseAdmin;Data Source=(local);Integrated Security=true;");
SqlCommand cmd = new SqlCommand(sql + sqlWhere, conn);
foreach (var p in lst) { cmd.Parameters.Add(p); }
cmd.ExecuteNonQuery();
}