参数化查询
一、
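// Example 1: parameterized INSERT. The command text holds only placeholders
// (@name, @pwd); the text-box values are sent separately as parameter values,
// so user input is never parsed as part of the SQL statement.
// The using blocks dispose the command and close the connection even when
// Open() or ExecuteNonQuery() throws.
using (SqlConnection cn = new SqlConnection("连接字符串"))
using (SqlCommand cmd = new SqlCommand("insert into 表 values(@name,@pwd)", cn))
{
    // Each parameter name must match a placeholder in the command text exactly;
    // a mismatched name (such as "@id" for "@name") leaves the placeholder
    // undeclared and the statement fails at execution time.
    cmd.Parameters.AddWithValue("@name", TextBoxName.Text);
    // NOTE(review): @pwd receives the text-box value as typed. If this column
    // holds account passwords, store a salted password hash (e.g. PBKDF2)
    // instead of the raw text.
    cmd.Parameters.AddWithValue("@pwd", TextBoxPwd.Text);

    cn.Open();
    cmd.ExecuteNonQuery();
}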
二、
// Example 2: parameterized INSERT issued through a SqlDataAdapter.
// The two values are bound to @aacc and @bbcc instead of being concatenated
// into the SQL text.
string kkk = "vxvxxvxvxv";
string lll = "xcxcxc";

SqlCommand insertCmd = new SqlCommand("insert into table1 (aa,bb) values (@aacc,@bbcc)", myConn);
insertCmd.Parameters.AddWithValue("@aacc", kkk);
insertCmd.Parameters.AddWithValue("@bbcc", lll);

// The adapter uses insertCmd as its SelectCommand, and Fill() executes it.
// NOTE(review): an INSERT yields no result set, so kk is not expected to
// receive any rows; SqlCommand.ExecuteNonQuery() is the usual call for
// statements that return nothing.
SqlDataAdapter vv = new SqlDataAdapter(insertCmd);
DataSet kk = new DataSet();
vv.Fill(kk);
三、
// Example 3: parameterized LIKE search. The wildcards are concatenated to the
// parameter inside the SQL text ('%'+@sfdsdfs+'%'), so the value itself is
// still passed as data and cannot terminate the string literal.
SqlCommand likeCmd = new SqlCommand("select id from Table1 where aa like '%'+@sfdsdfs+'%'", myConn);
// Parameterization stops SQL injection, but LIKE metacharacters inside the
// value (%, _, [) still act as wildcards. When the value comes from a user,
// escape them if a literal match is intended.
likeCmd.Parameters.AddWithValue("@sfdsdfs", "dd");

SqlDataAdapter fksf = new SqlDataAdapter(likeCmd);
var owie = new DataSet();
// Fill() runs the SELECT and loads the returned rows into the DataSet.
fksf.Fill(owie);
四、
// Example 4: parameterized equality filter. The comparison value is bound to
// @sfdsdfs rather than being written into the SQL text.
SqlCommand equalsCmd = new SqlCommand("select id from Table1 where aa=@sfdsdfs", myConn);
// AddWithValue infers the SQL parameter type from the .NET value (a string here).
equalsCmd.Parameters.AddWithValue("@sfdsdfs", "dfgddd");

SqlDataAdapter fksf = new SqlDataAdapter(equalsCmd);
var owie = new DataSet();
// Fill() runs the SELECT and loads the returned rows into the DataSet.
fksf.Fill(owie);