获取的参数如下:
// Values to bind: the goods id is the event's command argument, the colour is
// the text of the "buttoncolor" button in row m of Repeater2.
string lgoodsid = e.CommandArgument.ToString();
Button colorButton = (Button)Repeater2.Items[m].FindControl("buttoncolor");
string lcolor = colorButton.Text;

// NOTE(review): this fragment never assigns myConn to cmd.Connection, opens it
// or disposes it; presumably that happens in code not shown here.
SqlConnection myConn = new SqlConnection(myStr);

// The statement text only names the placeholders. The values travel separately
// as parameters, so they are never parsed as part of the SQL text.
SqlCommand cmd = new SqlCommand
{
    CommandText = "select * from OY_GoodsImage where [GoodsID]=@lgoodsid and [Color]=@lcolor"
};

// Typed Add(...) declares the SQL type explicitly. The alternative,
// cmd.Parameters.AddWithValue("@lcolor", lcolor), binds the value as well but
// infers the SQL type from the .NET value.
SqlParameter colorParam = cmd.Parameters.Add("@lcolor", SqlDbType.NVarChar);
colorParam.Value = lcolor;
SqlParameter goodsIdParam = cmd.Parameters.Add("@lgoodsid", SqlDbType.NVarChar);
goodsIdParam.Value = lgoodsid;
可行的方法2(字符串拼接,存在 SQL 注入风险,仅供对比,不建议使用)
// NOTE(review): this variant splices lgoodsid and lcolor directly into the SQL
// text, so a quote character in either value changes the statement itself
// (SQL injection). "@lcolor" here is only the C# verbatim-identifier spelling
// of the local variable lcolor, not a SQL parameter. Prefer placeholders in
// CommandText with the values bound through cmd.Parameters.Add(...).
cmd.CommandText = "select * from OY_GoodsImage where [GoodsID]='"+lgoodsid +"'and [Color]='"+@lcolor+"'";
相关参考代码
// NOTE(review): the statement is assembled by concatenating id, name, num and
// price into the SQL text. If any of them carries user input, a quote in the
// value breaks out of the string literal (SQL injection). The safer shape is
// values(@id,@name,@num,@price) with each value bound as a command parameter.
string insertCommand = "insert into 采购单(采购单号,产品名称,库存数量,成本价格) values('" + id + "','" + name + "','" +
num + "','" + price + "')";
// Long form: describe the @state parameter explicitly (name, value, type),
// then attach it to the command.
SqlParameter dbParameter_state = new SqlParameter
{
    ParameterName = "@state",
    Value = state,
    DbType = DbType.StringFixedLength
};
dbCommand.Parameters.Add(dbParameter_state);
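// Short form of the same @state binding: name, type and size in one call.
// Assumes dbCommand is a SqlCommand (TODO confirm).
// The collection property is spelled "Parameters" (C# is case-sensitive).
// The four-argument Add(name, type, size, sourceColumn) overload takes a
// source column name as its last argument, not the value, so the value is
// assigned through the returned parameter instead.
// SqlDbType.NChar is the fixed-length Unicode type that corresponds to
// DbType.StringFixedLength.
dbCommand.Parameters.Add("@state", SqlDbType.NChar, 50).Value = state;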
1、参数名
2、参数类型
3、参数长度
4、传递值(SqlClient 的四参数 Add 重载中,第四个参数实际是 sourceColumn;参数值应通过返回对象的 Value 属性赋值)
范例1
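// Click handler: reads the purchase-order fields from the form and inserts one
// row into the 采购单 table.
protected void Button1_Click(object sender, EventArgs e)
{
    // Read the values from the form. These are user-supplied text.
    string name = ProName.Text;
    string id = ProID.Text;
    string num = ProNum.Text;
    string price = ProPrice.Text;

    // NOTE(review): the connection string hard-codes the sa login and its
    // password. Keep credentials in protected configuration and connect with a
    // least-privileged account rather than sa.
    string sqlstring = "Server=localhost;uid=sa;pwd=2613000;database=Stock";

    // The statement only names placeholders. Building it with string.Format
    // from the text boxes would let the input be parsed as SQL (injection) and
    // would also leave string values unquoted.
    string insertCommand = "insert into 采购单(采购单号,产品名称,库存数量,成本价格)values(@id,@name,@num,@price)";

    // using releases the command and closes the connection even when
    // ExecuteNonQuery throws.
    using (System.Data.SqlClient.SqlConnection conn = new System.Data.SqlClient.SqlConnection(sqlstring))
    using (System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand(insertCommand, conn))
    {
        // NVarChar is a stand-in; use each column's actual type and size
        // (TODO confirm against the table definition).
        cmd.Parameters.Add("@id", System.Data.SqlDbType.NVarChar).Value = id;
        cmd.Parameters.Add("@name", System.Data.SqlDbType.NVarChar).Value = name;
        cmd.Parameters.Add("@num", System.Data.SqlDbType.NVarChar).Value = num;
        cmd.Parameters.Add("@price", System.Data.SqlDbType.NVarChar).Value = price;

        conn.Open();
        // Run the insert.
        cmd.ExecuteNonQuery();
    }

    Response.Write(" <script>alert('写入成功!') </script>");
}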
范例2
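// Click handler: inserts one row into the 采购单 table, passing the form values
// as command parameters instead of placing them in the SQL text.
protected void Button1_Click(object sender, EventArgs e)
{
    // Read the values from the form.
    string name = ProName.Text;
    string id = ProID.Text;
    string num = ProNum.Text;
    string price = ProPrice.Text;

    // NOTE(review): the connection string hard-codes the sa login and its
    // password. Keep credentials in protected configuration and connect with a
    // least-privileged account rather than sa.
    string sqlstring = "Server=localhost;uid=sa;pwd=2613000;database=Stock";
    string insertCommand = "insert into 采购单(采购单号,产品名称,库存数量,成本价格)values(@id,@name,@num,@price)";

    // using releases the command and closes the connection even when
    // ExecuteNonQuery throws. A bare conn.Close() is skipped on an exception.
    using (System.Data.SqlClient.SqlConnection conn = new System.Data.SqlClient.SqlConnection(sqlstring))
    using (System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand(insertCommand, conn))
    {
        // Replace SqlDbType.NVarChar with each column's actual data type.
        cmd.Parameters.Add("@id", SqlDbType.NVarChar).Value = id;
        cmd.Parameters.Add("@name", SqlDbType.NVarChar).Value = name;
        cmd.Parameters.Add("@num", SqlDbType.NVarChar).Value = num;
        cmd.Parameters.Add("@price", SqlDbType.NVarChar).Value = price;

        conn.Open();
        // Run the insert.
        cmd.ExecuteNonQuery();
    }

    Response.Write(" <script>alert('写入成功!') </script>");
}
范例3 数组形式批量添加参数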
paramNames:参数名的数组(objParamValues 为按相同顺序排列的参数值数组)
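// Bind every entry of objParamValues to cmd under the matching name in paramNames.
// NOTE(review): OleDb text commands match parameters by position, not by name,
// so the array order must follow the placeholders in the command text.
// Confirm this against the CommandText.
for (int i = 0; i < paramNames.Count; i++)
{
    // A null entry is sent as a database NULL. Calling GetType() on it, as a
    // type-name string comparison would, throws NullReferenceException.
    object value = objParamValues[i] ?? System.DBNull.Value;

    if (value is System.DateTime)
    {
        // Date/time values get an explicitly typed OleDbType.Date parameter
        // through Add, instead of the type AddWithValue would infer.
        OleDbParameter p = new OleDbParameter();
        p.ParameterName = paramNames[i];
        p.OleDbType = OleDbType.Date;
        p.Value = value;
        cmd.Parameters.Add(p);
    }
    else
    {
        cmd.Parameters.AddWithValue(paramNames[i], value);
    }
}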
// Parameter set with each value attached where the parameter is declared.
// Judging by the names, presumably for a paging stored procedure (TODO confirm).
// NOTE(review): @tblName, @fldName and @strWhere look like a table name, a
// column name and a WHERE fragment. If the procedure concatenates them into
// dynamic SQL, passing them as parameters does not stop injection. Check
// tblName/fldName against a fixed allow-list and avoid building strWhere from
// raw user input.
SqlParameter[] parameters =
{
    new SqlParameter("@tblName", SqlDbType.VarChar, 255) { Value = tblName },
    new SqlParameter("@fldName", SqlDbType.VarChar, 255) { Value = fldName },
    new SqlParameter("@PageSize", SqlDbType.Int) { Value = PageSize },
    new SqlParameter("@PageIndex", SqlDbType.Int) { Value = PageIndex },
    new SqlParameter("@IsReCount", SqlDbType.Bit) { Value = IsReCount },
    new SqlParameter("@OrderType", SqlDbType.Bit) { Value = OrderType },
    new SqlParameter("@strWhere", SqlDbType.VarChar, 1000) { Value = strWhere }
};