发表新帖
发表新帖

SQL query from C#

前端 未结
关注
4 1219
感情败类
感情败类 2020-12-20 23:32

I am trying to query SQL Server database from C#

I have class 

Class_A 
{
  public fetch((string name, string last_name))
  {
    SqlConnection conn
4条回答
  • 余生分开走
    余生分开走 (楼主)
    2020-12-20 23:59

    Try

    select * from table where NAME = 'name' and LAST_NAME = 'last_name'

    instead of

    select * from table where NAME = name and LAST_NAME = last_name

    Edit:

    If name and last_name are your parameters then try this:

    SqlCommand myCommand = new SqlCommand("select * from table where NAME = @name and LAST_NAME = @last_name", conn); 
myCommand.Parameters.AddWithValue( "@name", name );
myCommand.Parameters.AddWithValue( "@last_name", last_name );

    Using parameterized commands means that you are invulnerable to a potential huge security hole - sql injection which is possible when command text is manually concatenated.

    0 讨论(0)
 看不清?
提交回复
热议问题