SqlParameter 用法
方法1:
// Input values (elided on the page). They reach the server as parameter data
// and are never concatenated into the SQL text.
string username = ...
string password = ...

// @username and @password are placeholders bound below, so quotes or SQL
// keywords inside the values cannot change the structure of the statement.
string commandText = "select * from Users where UserName=@username and PassWord=@password";

// The (name, value) constructor infers the SQL type from the .NET value;
// a string is sent as nvarchar.
SqlParameter usernameParam = new SqlParameter("@username", username);
SqlParameter passwordParam = new SqlParameter("@password", password);
SqlParameter[] queryParams = { usernameParam, passwordParam };

// DBHelper is not shown on this page; presumably it executes the command with
// the supplied parameters and returns the rows as a DataSet (confirm).
DataSet result = DBHelper.ExecuteDataQuery(commandText, queryParams);
方法2:
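// Input values (elided on the page). They reach the server as parameter data
// and are never concatenated into the SQL text.
string username = ...
string password = ...

// @username and @password are placeholders bound below, so quotes or SQL
// keywords inside the values cannot change the structure of the statement.
string sql = "select * from Users where UserName=@username and PassWord=@password";

// Declaring the type up front (instead of letting it be inferred from the
// value) keeps the parameter type stable across calls.
SqlParameter[] parms =
{
    // Size 100 caps what is sent; string values longer than Size are truncated.
    new SqlParameter("@username", SqlDbType.NVarChar, 100),
    // password is a string, so the parameter is NVarChar: an Int parameter would
    // fail to convert any non-numeric value. No Size is set, so the value is
    // never silently truncated before the comparison.
    new SqlParameter("@password", SqlDbType.NVarChar)
};

// Assign through the same array that is passed to the query (the original
// wrote to an undeclared "parameters" variable, which does not compile).
parms[0].Value = username;
parms[1].Value = password;

// NOTE(review): the query compares the supplied password with the PassWord
// column directly, which implies the column stores the password as-is. Confirm
// this; the usual design stores a salted, slow hash and verifies it in
// application code.
// DBHelper is not shown on this page; presumably it executes the command with
// the supplied parameters and returns the rows as a DataSet (confirm).
DataSet dt = DBHelper.ExecuteDataQuery(sql, parms);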