日期:2014-05-18 浏览次数:20425 次
string qry = "INSERT INTO tblUser values(@name, @pwd, @roleID, @status, @memo)"; using (SqlConnection conn = SQLHelper.GetConnection()) { try { SqlCommand cmd = new SqlCommand(qry, conn); cmd.Parameters.Add("@name", SqlDbType.NVarChar); cmd.Parameters["@name"].Value = user.LoginName;
StringBuilder sb = new StringBuilder(); SqlCommand cmd = new SqlCommand(); sb.Append("SELECT * FROM tblUser WHERE 1=1"); if (user != null) { if (!String.IsNullOrEmpty(user.LoginName)) { string name = user.LoginName; // [color=#FF0000]我在这里先声明了一个临时变量,暂时只会这么做,有更好的方法吗?[/color] sb.Append(" and tu_LoginName LIKE '%" + @name + "%'"); cmd.Parameters.Add("@name", SqlDbType.VarChar); cmd.Parameters["@name"].Value = user.LoginName; }