[英]using stating for sqlcommand.executescalar
我正在使用using語句來驗證客戶編號。
using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
{
connection.Open();
using (SqlCommand cmdCheck = new SqlCommand("SELECT COUNT(CUSTOMER_NO) FROM WEBSITE_CUSTOMERS WHERE UPPER(CUSTOMER_NO) = '" + strCustomer.Trim().ToUpper() + "';", connection))
{
int nExists = (int)cmdCheck.ExecuteScalar();
if (nExists > 0)
return true;
else
return false;
}
}
這是以前在stackoverflow上向我建議的用於檢查預先存在的記錄的代碼...雖然效果很好,但是我想知道是否有一種方法可以將參數用於客戶編號,因為此變量是通過表單輸入的,我想保護它免受注射。 當這樣的using語句中的cmdCheck參數在哪里創建?
初始化命令后,添加參數。 一個便捷的方法是AddWithValue :
const string sql = @"SELECT
COUNT(CUSTOMER_NO)
FROM
WEBSITE_CUSTOMERS
WHERE
UPPER(CUSTOMER_NO) = @CUSTOMER_NO;";
using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
{
using (SqlCommand cmdCheck = new SqlCommand(sql, connection))
{
cmdCheck.Parameters.AddWithValue("@CUSTOMER_NO", strCustomer.Trim().ToUpper());
connection.Open();
int nExists = (int)cmdCheck.ExecuteScalar();
return nExists > 0;
}
}
SqlCommand.ExecuteScalar()上的InvalidOperationException
[英]InvalidOperationException on SqlCommand.ExecuteScalar()
使用SqlCommand.ExecuteScalar()時是否需要放置前1
[英]Do I need to put top 1 when using SqlCommand.ExecuteScalar()
SqlCommand.ExecuteScalar()函數未返回插入行的ID
[英]The SqlCommand.ExecuteScalar() function is not returning the Id of the inserted row
當執行SqlCommand.ExecuteScalar()時,Visual Studio停止調試
[英]Visual Studio stops debugging when SqlCommand.ExecuteScalar() is executed
SqlCommand.ExecuteScalar返回null,但原始SQL不返回
[英]SqlCommand.ExecuteScalar returns null but raw SQL does not
使用SqlCommand.ExecuteScalar()從序列中選擇高磁盤使用時返回NULL
[英]Select from sequence with SqlCommand.ExecuteScalar() returns NULL when high disk usage
與鏈接的OLAP服務器的SqlCommand.ExecuteScalar不返回任何值
[英]SqlCommand.ExecuteScalar with linked OLAP server doesn't return any value
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.