[英]using stating for sqlcommand.executescalar
我正在使用using语句来验证客户编号。
using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
{
connection.Open();
using (SqlCommand cmdCheck = new SqlCommand("SELECT COUNT(CUSTOMER_NO) FROM WEBSITE_CUSTOMERS WHERE UPPER(CUSTOMER_NO) = '" + strCustomer.Trim().ToUpper() + "';", connection))
{
int nExists = (int)cmdCheck.ExecuteScalar();
if (nExists > 0)
return true;
else
return false;
}
}
这是以前在stackoverflow上向我建议的用于检查预先存在的记录的代码...虽然效果很好,但是我想知道是否有一种方法可以将参数用于客户编号,因为此变量是通过表单输入的,我想保护它免受注射。 当这样的using语句中的cmdCheck参数在哪里创建?
初始化命令后,添加参数。 一个便捷的方法是AddWithValue :
const string sql = @"SELECT
COUNT(CUSTOMER_NO)
FROM
WEBSITE_CUSTOMERS
WHERE
UPPER(CUSTOMER_NO) = @CUSTOMER_NO;";
using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
{
using (SqlCommand cmdCheck = new SqlCommand(sql, connection))
{
cmdCheck.Parameters.AddWithValue("@CUSTOMER_NO", strCustomer.Trim().ToUpper());
connection.Open();
int nExists = (int)cmdCheck.ExecuteScalar();
return nExists > 0;
}
}
SqlCommand.ExecuteScalar()上的InvalidOperationException
[英]InvalidOperationException on SqlCommand.ExecuteScalar()
使用SqlCommand.ExecuteScalar()时是否需要放置前1
[英]Do I need to put top 1 when using SqlCommand.ExecuteScalar()
SqlCommand.ExecuteScalar()函数未返回插入行的ID
[英]The SqlCommand.ExecuteScalar() function is not returning the Id of the inserted row
当执行SqlCommand.ExecuteScalar()时,Visual Studio停止调试
[英]Visual Studio stops debugging when SqlCommand.ExecuteScalar() is executed
SqlCommand.ExecuteScalar返回null,但原始SQL不返回
[英]SqlCommand.ExecuteScalar returns null but raw SQL does not
使用SqlCommand.ExecuteScalar()从序列中选择高磁盘使用时返回NULL
[英]Select from sequence with SqlCommand.ExecuteScalar() returns NULL when high disk usage
与链接的OLAP服务器的SqlCommand.ExecuteScalar不返回任何值
[英]SqlCommand.ExecuteScalar with linked OLAP server doesn't return any value
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.