[英]How to use SqlDataReader with a parametrized query in c#?
我正在查看參數化查詢問題,找不到使用SqlDataReader
和參數化查詢來填充下拉列表的示例。
現在,我可以在這里使用我的代碼來填充下拉列表
if (!this.IsPostBack)
{
using (SqlConnection con = new SqlConnection(SQLConnectionString))
{
System.Data.SqlClient.SqlCommand go = new System.Data.SqlClient.SqlCommand();
con.Open();
go.Connection = con;
go.CommandText = "SELECT InsuredID, FirstName, LastName FROM [Lab2].[dbo].[INSURED]";
go.ExecuteNonQuery();
SqlDataReader readIn = go.ExecuteReader();
while (readIn.Read())
{
ddlHomeInsuredID.Items.Add(
new ListItem(readIn["InsuredID"].ToString() + " : " + readIn["FirstName"].ToString()
+ " " + readIn["LastName"].ToString()));
}
con.Close();
ddlHomeInsuredID.Items.Insert(0, new ListItem("--Select InsuredID--", "0"));
}
}
但是,我想將此選擇語句參數化。 我怎樣才能做到這一點? 我很喜歡編寫如下的參數化插入語句:
using (SqlConnection connection = new SqlConnection(SQLConnectionString))
{
SqlCommand command = new SqlCommand();
command.Connection = connection;
command.CommandType = System.Data.CommandType.Text;
command.CommandText = @"INSERT INTO [Lab2].[dbo].[INSURED] ([FirstName], [LastName], [MI], [DateOfBirth],
[CreditScore], [AddressID], [DriversLicenseNumber], [LastUpdatedBy], [LastUpdated]) VALUES
(@firstName, @lastName, @middleInitial, @dateOfBirth, @creditScore, @addressID,
@driversLicenseNumber, @lastUpdatedBy, @lastUpdated)";
command.Parameters.Add("@firstName", SqlDbType.VarChar, 20).Value = Insured.insuredArr[j].getFirstName();
command.Parameters.Add("@lastName", SqlDbType.VarChar, 30).Value = Insured.insuredArr[j].getLastName();
command.Parameters.Add("@middleInitial", SqlDbType.Char, 1).Value = Insured.insuredArr[j].getMiddleInitial();
command.Parameters.Add("@dateOfBirth", SqlDbType.VarChar, 30).Value = Insured.insuredArr[j].getDateOfBirth();
command.Parameters.Add("@creditScore", SqlDbType.Int).Value = Insured.insuredArr[j].getCreditScore();
command.Parameters.Add("@addressID", SqlDbType.Int).Value = Insured.insuredArr[j].getAddressID();
command.Parameters.Add("@driversLicenseNumber", SqlDbType.VarChar, 30).Value = Insured.insuredArr[j].getDriversLicenseNumber();
command.Parameters.Add("@lastUpdatedBy", SqlDbType.VarChar, 20).Value = Insured.insuredArr[j].getLastUpdatedBy();
command.Parameters.Add("@lastUpdated", SqlDbType.Date).Value = Insured.insuredArr[j].getLastUpdated();
connection.Open();
command.ExecuteNonQuery();
connection.Close();
}
MsgBox("Record(s) inserted into database", this.Page, this);
因此,如何像第二個示例一樣進行第一個查詢?
謝謝
納姆里克
首先, ExecuteNonQuery()
方法的使用對SELECT
查詢無效,請堅持使用ExecuteReader()
因為您要返回查詢結果。 這是ExecuteNonQuery
方法的用法描述:
您可以使用ExecuteNonQuery執行目錄操作(例如,查詢數據庫的結構或創建數據庫對象,例如表),或通過執行UPDATE,INSERT或DELETE語句來更改數據庫中的數據而不使用DataSet。
修改后的查詢流應如下所示:
using (SqlConnection con = new SqlConnection(SQLConnectionString))
{
SqlCommand go = new SqlCommand();
con.Open();
go.Connection = con;
go.CommandText = "SELECT InsuredID, FirstName, LastName FROM [Lab2].[dbo].[INSURED]";
SqlDataReader readIn = go.ExecuteReader();
while (readIn.Read())
{
// reading data from reader
}
con.Close();
// other stuff
}
如果要對SELECT
語句使用參數化查詢,則需要在WHERE
子句中至少包含一列(和一個參數名稱)(請參見下面的示例):
SELECT InsuredID, FirstName, LastName FROM [Lab2].[dbo].[INSURED] WHERE InsuredID = @InsuredID
然后,您可以使用SqlParameter
將參數值傳遞到上面的查詢中:
using (SqlConnection con = new SqlConnection(SQLConnectionString))
{
System.Data.SqlClient.SqlCommand go = new System.Data.SqlClient.SqlCommand();
con.Open();
go.Connection = con;
go.CommandText = "SELECT InsuredID, FirstName, LastName FROM [Lab2].[dbo].[INSURED] WHERE InsuredID = @InsuredID";
go.Parameters.Add("@InsuredID", SqlDbType.Int).Value = 1; // example value for parameter passing
SqlDataReader readIn = go.ExecuteReader();
while (readIn.Read())
{
// reading data from reader
}
con.Close();
// other stuff
}
注意:避免在執行具有相同活動連接的SELECT
語句來填充數據的同時執行INSERT/UPDATE/DELETE
操作,應先關閉先前的連接,然后再執行另一個查詢。
更多示例:
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.