public static Agent CreateAgent(Agent agent)
{
IConnection cnn = ConnectionManager.GetConnection();
cnn.Open();
ITransaction trans = cnn.BeginTransaction();
ICommand cmd;
int i=0;
int effectedRows = 0;
Guid agentId = Guid.NewGuid();
string sql = "INSERT INTO [B2B_Agent]( "
+ " [AgentId], [Code], [Type], [Level], "
+ " [CompanyName], [CompanyNameShort], [ProvinceCode], [CityCode], "
+ " [Address], [PostCode], [Linkman], [Email], [Tel], "
+ " [MobileTel], [Msn], [QQ], [IsProvider], [IsPurchaser], [State], [RegisterDate], [Introducer], [CommisionMode]) "
+ " VALUES( "
+ " ?, '', ?, ?, "
+ " ?, ?, ?, ?, "
+ " ?, ?, ?, ?, ?, "
+ " ?, ?, ?, ?, ?, ?, getdate(), '', ?) ";
cmd = cnn.CreateCommand(sql);
cmd.Transaction = trans;
cmd.SetGuid(i, agentId); i++;
cmd.SetInt(i, agent.Type); i++;
cmd.SetInt(i, agent.Level); i++;
cmd.SetNVarChar(i, agent.CompanyName); i++;
cmd.SetNVarChar(i, agent.CompanyNameShort); i++;
cmd.SetInt(i, agent.ProvinceCode); i++;
cmd.SetInt(i, agent.CityCode); i++;
cmd.SetNVarChar(i, agent.Address); i++;
cmd.SetVarChar(i, agent.PostCode); i++;
cmd.SetNVarChar(i, agent.Linkman); i++;
cmd.SetVarChar(i, agent.Email);i++;
cmd.SetVarChar(i, agent.Tel); i++;
cmd.SetVarChar(i, agent.MobileTel); i++;
cmd.SetVarChar(i, agent.Msn); i++;
cmd.SetVarChar(i, agent.QQ); i++;
cmd.SetBit(i, agent.IsProvider); i++;
cmd.SetBit(i, agent.IsPurchaser); i++;
cmd.SetInt(i, agent.State); i++;
cmd.SetInt(i, agent.CommisionMode); i++;
//cmd.SetBit(i, agent.IsProvider); i++;
//cmd.SetBit(i, agent.IsPurchaser); i++;
try
{
effectedRows = cmd.ExecuteNonQuery();
}
catch(Exception e)
{
goto Error;
}
if (!(effectedRows >0))
{
goto Error;
}
trans.Commit();
cnn.Close();
return GetAgentById(agentId);
Error:
trans.Rollback();
cnn.Close();
return null;
} "?" 的作用是防止编码混乱;或者delete table1 where a=1 or 1=1
declare @A varchar set@A='1 or 1=1'
delete table1 where a=@A
