SQLParameter[]安全传值 和 DataTable与List<T>的运用
将DataTable中的数据装到List<T>中
/// <summary>
/// 返回所有类别集合
/// </summary>
/// <returns></returns>
public List<Category> Select()
{
List<Category> list = new List<Category>();
string sql = "select id,caname,pid from nn_category";
DataTable dt = helper.ExecuteQuery(sql);
foreach (DataRow row in dt.Rows)
{
string id = row[0].ToString();
string caname = row[1].ToString();
string pid = row[2].ToString();
list.Add(new Category() { Id = id, Caname = caname, Pid = pid });
}
return list;
}
/// 返回所有类别集合
/// </summary>
/// <returns></returns>
public List<Category> Select()
{
List<Category> list = new List<Category>();
string sql = "select id,caname,pid from nn_category";
DataTable dt = helper.ExecuteQuery(sql);
foreach (DataRow row in dt.Rows)
{
string id = row[0].ToString();
string caname = row[1].ToString();
string pid = row[2].ToString();
list.Add(new Category() { Id = id, Caname = caname, Pid = pid });
}
return list;
}
将值安全的传到SQL语句中执行
/// <summary>
/// 修改分类
/// </summary>
/// <param name="id">要修改的ID</param>
/// <param name="pid">修改后的分类父ID</param>
/// <returns></returns>
public bool Update(string id, string pid)
{
string sql = "update nn_category set pid=@pid where id=@id";
SQLParameter[] paras = new SQLParameter[]{
new SQLParameter("@id",(id as object)),
new SQLParameter("@pid",(pid as object))
};
return helper.ExecuteNonQuery(sql, paras);
}
/// 修改分类
/// </summary>
/// <param name="id">要修改的ID</param>
/// <param name="pid">修改后的分类父ID</param>
/// <returns></returns>
public bool Update(string id, string pid)
{
string sql = "update nn_category set pid=@pid where id=@id";
SQLParameter[] paras = new SQLParameter[]{
new SQLParameter("@id",(id as object)),
new SQLParameter("@pid",(pid as object))
};
return helper.ExecuteNonQuery(sql, paras);
}
