问题
I have code to insert data to SQL table. The columns have such types:
@param1 datetime,
@param2 nvarchar(50),
@param3 int,
@param4 bit,
@param5 int,
@param6 bit,
@param7 bit,
@param8 varchar(20),
@param9 varchar(20)
This is my method:
try
{
using (SqlCommand oleDbCommand = new SqlCommand())
{
// Set the command object properties
oleDbCommand.Connection = new SqlConnection(connectionString);
oleDbCommand.CommandType = CommandType.StoredProcedure;
oleDbCommand.CommandText = "[dbo].[InsertRow]";
// Add the input parameters to the parameter collection
// m.param1 is of DateTime type, m.param2 of string type, m.param3 of int type, etc.
oleDbCommand.Parameters.AddWithValue("@param1", m.param1);
oleDbCommand.Parameters.AddWithValue("@param2", m.param2);
oleDbCommand.Parameters.AddWithValue("@param3", m.param3);
oleDbCommand.Parameters.AddWithValue("@param4", m.param4);
oleDbCommand.Parameters.AddWithValue("@param5", m.param5);
oleDbCommand.Parameters.AddWithValue("@param6", m.param6);
oleDbCommand.Parameters.AddWithValue("@param7", m.param7);
oleDbCommand.Parameters.AddWithValue("@param8", m.param8);
oleDbCommand.Parameters.AddWithValue("@param9", m.param9);
// Open the connection, execute the query and close the connection.
oleDbCommand.Connection.Open();
oleDbCommand.ExecuteNonQuery();
oleDbCommand.Connection.Close();
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return false;
}
I have two but related questions:
- am I passing parameters correctly? Or do I need casts? (please see the column types in the beginning of the question).
- how to correctly handle closing of database? In case also of some exception?
回答1:
I would do as below
try
{
using (var conn = new SqlConnection(connectionString))
using (var command = new SqlCommand("[dbo].[InsertRow]", conn) {
CommandType = CommandType.StoredProcedure }) {
conn.Open();
command.Parameters.Add("@param1", SqlDbType.DateTime).Value = m.param1;
command.Parameters.Add("@param2", SqlDbType.NVarChar, 50).Value = m.param2;
command.Parameters.Add("@param3", SqlDbType.Int).Value = m.param3;
command.Parameters.Add("@param4", SqlDbType.Bit).Value = m.param4;
command.Parameters.Add("@param5", SqlDbType.Int).Value = m.param5;
command.Parameters.Add("@param6", SqlDbType.Bit).Value = m.param6;
command.Parameters.Add("@param7", SqlDbType.Bit).Value = m.param7;
command.Parameters.Add("@param8", SqlDbType.VarChar, 20).Value = m.param8;
command.Parameters.Add("@param9", SqlDbType.VarChar, 20).Value = m.param9;
command.ExecuteNonQuery();
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return false;
}
回答2:
AddWithValue tries to assigns the value by unboxing an object in the c# type based on the database field's type.
try
{
using (var oleDbConnection = new SqlConnection(connectionString))
{
// Set the command object properties
SqlCommand oleDbCommand = new SqlCommand()
oleDbCommand.Connection = oleDbConnection;
oleDbCommand.CommandType = CommandType.StoredProcedure;
oleDbCommand.CommandText = "[dbo].[InsertRow]";
// Add the input parameters to the parameter collection
// m.param1 is of DateTime type, m.param2 of string type, m.param3 of int type, etc.
oleDbCommand.Parameters.AddWithValue("@param1", m.param1);
oleDbCommand.Parameters.AddWithValue("@param2", m.param2);
oleDbCommand.Parameters.AddWithValue("@param3", m.param3);
oleDbCommand.Parameters.AddWithValue("@param4", m.param4);
oleDbCommand.Parameters.AddWithValue("@param5", m.param5);
oleDbCommand.Parameters.AddWithValue("@param6", m.param6);
oleDbCommand.Parameters.AddWithValue("@param7", m.param7);
oleDbCommand.Parameters.AddWithValue("@param8", m.param8);
oleDbCommand.Parameters.AddWithValue("@param9", m.param9);
// Open the connection, execute the query and close the connection.
oleDbCommand.Connection.Open();
oleDbCommand.ExecuteNonQuery();
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return false;
}
using statement adds itself the correct connection handling after its use.
来源:https://stackoverflow.com/questions/26461949/pass-parameters-correctly-to-sqlcommand