string sql = @"select...."
看别人写的代码
public static DataTable GetBookListDataTable(string CategorieId,string order,string search)
{
string sql = @"SELECT book.Id AS bookId,category.Name AS categoryname, * FROM
Books AS book
LEFT JOIN Categories AS category
ON book.CategoryId=category.Id
LEFT JOIN Publishers AS publish
ON book.PublisherId=publish.Id WHERE 1=1 ";
if (CategorieId != "")
{
sql += "AND CategoryId=" +Convert.ToInt16(CategorieId);
}
return DbHelp.GetDataTable(sql);
}
string sql =
@"select.." 这里的@是什么意思,为什么有的地方有有的没有,什么情况下使用,什么时候不用
------解决方案--------------------@表示忽略转义符
------解决方案--------------------这里的@不是忽略转义符的意思
而是字符串可以换行,不需要写在一行
否则得这样定义:
string sql = "SELECT book.Id AS bookId,category.Name AS categoryname, * FROM Books AS "
+" bookLEFT JOIN Categories AS categoryON book.CategoryId=category.IdLEFT JOIN "
+ "Publishers AS publishON book.PublisherId=publish.Id WHERE 1=1 ";
------解决方案--------------------这个代码,你去掉@ 和保留@,执行结果应该是一样的吧
PS: 这种字符串拼接的SQL语句存在很大的安全问题,很容易被SQL注入
------解决方案--------------------@表示忽略转义符