66M*_*Mhz 6 c# asp.net parameters sqlcommand
我在获取以下代码以正确添加SqlCommand参数时遇到问题@vendor.由于某种原因,传递的查询似乎总是:
select TOP 500 *
from [mike_db].[dbo].[na_pe_sql_import]
where vendname like '%@vendor%';
如果我像这样设置查询,它可以工作,但我知道这是不好的做法:
string strQuery = "select TOP 500 * from [mike_db].[dbo].[na_pe_sql_import] where vendname like '%"+txt_search.Text.ToString()+"%';";
这是代码:
protected void Search_Click(object sender, EventArgs e)
{
string search = txt_search.Text.ToString();
String strConnString = System.Configuration.ConfigurationManager.ConnectionStrings["mike_db"].ConnectionString;
SqlConnection con = new SqlConnection(strConnString);
con.Open();
string strQuery = "select TOP 500 * from [mike_db].[dbo].[na_pe_sql_import] where vendname like '%@vendor%';";
cmd = new SqlCommand(strQuery, con);
cmd.Parameters.AddWithValue("vendor", search);
txt_search.Text = string.Empty;
DataSet ds = new DataSet();
da = new SqlDataAdapter(cmd);
da.Fill(ds);
My_Repeater.DataSource = ds;
My_Repeater.DataBind();
con.Close();
}
Gra*_*ICA 11
我认为@vendor在查询中将其视为文字,而不是参数.
尝试按如下方式定义查询:
string strQuery =
"select TOP 500 * from [mike_db].[dbo].[na_pe_sql_import] where vendname like '%' + @vendor + '%'";
然后添加如下参数:
cmd.Parameters.AddWithValue("@vendor", search);
| 归档时间: |
|
| 查看次数: |
6805 次 |
| 最近记录: |