真的是一个简单的问题,我有两个变量"one_hour_ago"和"current_time",我需要在我的sql命令中传递这两个变量,如:
string commandString = "SELECT * from myTable where time between one_hour_ago and current_time";
这是我的,但我得到语法错误
string commandString = "SELECT * from myTable where TS between ' and /" + one_hour_ago + "'" + current_time + "/";
谢谢
string sqlString = "SELECT * FROM myTable WHERE time BETWEEN @before AND @current_time";
SqlCommand oCmd = new SqlCommand(sqlString , connString);
oCmd.Parameters.AddWithValue("@before", date_before);
oCmd.Parameters.AddWithValue("@current_time", currentTime);
where date_before和currentTime是传递给方法的参数.
这应该照顾sql注入的东西
| 归档时间: |
|
| 查看次数: |
1728 次 |
| 最近记录: |