[英]How to pass in sql “like” condition from c# with single quotes
我在C#中有字符串变量
String Condition = " And LoginName like ''%"+txtLoginName.text+"%''";
我将此条件变量传递给这样的存储过程:
SqlCommand cmd = new SqlCommand();
cmd.CommandText = "GetAllUserMasterBySearch";
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Condition ", Condition );
我的存储过程在这里:
create PROCEDURE [dbo].[GetAllUserMasterBySearch] (
@Condition nvarchar(max)
)
as
declare @Query nvarchar(max)
set @Query = 'SELECT
[UserMasterId], [LoginName], [UserName],
[UserType], [MobileNo], [Email],
[IsLogin], [IpAddress]
FROM
UserMaster
WHERE
IsActive = 1 ' + @Condition
print @query
EXEC sp_executesql @Query
如何通过C#传递“喜欢”条件?
您只能传递变量并按以下方式重写SP
alter PROCEDURE [dbo].[GetAllUserMasterBySearch] (
@var nvarchar(max)
) as
declare @Query nvarchar(max)
set @Query = 'SELECT
[UserMasterId]
,[LoginName]
,[UserName]
,[UserType]
,[MobileNo]
,[Email]
,[IsLogin]
,[IpAddress]
FROM
UserMaster
WHERE
IsActive=1 AND LoginName LIKE %' + @var + '%';
print @query
EXEC sp_executesql @Query
更新:如果要使用动态SQL,请尝试使用“''而不是“”。 老实说,我已经有一段时间没有处理动态SQL了,因为它是一种糟糕且不安全的方法(正如注释中已经提到的那样)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.