// Build the three inputs for the beian update, run it, and tell the user how it went.
// NOTE(review): ModifyBeianById, as shown on this page, reads .Value from these objects and
// builds the SQL text from it rather than binding them to a command, so wrapping the values
// in SqlParameter here does not by itself make the update a parameterised query.
SqlParameter[] Params = new SqlParameter[38]; // only slots 0-2 are filled below; the rest stay null
DataBase DB = new DataBase();
Params[0] = DB.MakeInParam("@Yuming", SqlDbType.VarChar, 50, beian.Yuming);
Params[1] = DB.MakeInParam("@Beianhao", SqlDbType.VarChar, 50, beian.Beianhao);
Params[2] = DB.MakeInParam("@bid", SqlDbType.Int, 4, beian.Bid);

// The dialog call is the same on both paths; only the message text depends on the result.
bool modified = beian.ModifyBeianById(Params);
string notice = modified ? "修改成功!" : "修改不成功!";
MessageBox.Show(notice, "BeianManage.aspx", 0,
    MessageBoxType.AlertUrl, UpdatePanel1, this.GetType());
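/// <summary>
/// Updates the yuming and beianhao columns of the beian row selected by bid.
/// </summary>
/// <param name="Params">
/// Slot 0 carries yuming, slot 1 carries beianhao and slot 2 carries bid; further slots are ignored.
/// </param>
/// <returns>
/// Whatever <c>DataBase.ExecuteSQL</c> reports, or <c>false</c> when bid is not an integer
/// (no statement is sent in that case).
/// </returns>
/// <exception cref="ArgumentException">Params is null or slots 0-2 are not all populated.</exception>
/// <remarks>
/// The statement is still assembled as text, so every value is neutralised before it is
/// concatenated: bid must parse as an integer and the two strings have their single quotes
/// doubled. For well-formed input the generated statement is the same as before.
/// NOTE(review): this is a stopgap against SQL injection. The durable fix is to keep
/// @Yuming/@Beianhao/@bid placeholders in the SQL text and hand Params to a DataBase method
/// that binds them; no such method is visible here, so ExecuteSQL(String[]) is kept.
/// </remarks>
public bool ModifyBeianById(SqlParameter[] Params)
{
    if (Params == null || Params.Length < 3 ||
        Params[0] == null || Params[1] == null || Params[2] == null)
    {
        throw new ArgumentException("Params must hold yuming, beianhao and bid in slots 0-2.", "Params");
    }

    // bid is declared as an Int key by the caller; refuse anything that is not a plain integer
    // instead of letting arbitrary text reach the WHERE clause.
    int bid;
    string rawBid = Convert.ToString(Params[2].Value, System.Globalization.CultureInfo.InvariantCulture);
    if (!int.TryParse(rawBid, System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture, out bid))
    {
        return false;
    }

    // Doubling ' keeps each value inside its T-SQL string literal (and lets values that
    // legitimately contain an apostrophe be stored instead of breaking the statement).
    string yuming = (Convert.ToString(Params[0].Value) ?? string.Empty).Replace("'", "''");
    string beianhao = (Convert.ToString(Params[1].Value) ?? string.Empty).Replace("'", "''");

    DataBase DB = new DataBase();
    String[] str = new String[1];
    str[0] = "update beian set yuming='" + yuming + "',beianhao='" + beianhao +
        "' where bid='" + bid.ToString(System.Globalization.CultureInfo.InvariantCulture) + "'";
    return DB.ExecuteSQL(str);
}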
// Fill slots 0-2 of Params (declared outside this excerpt) for the beian update, run it,
// and show the outcome.
// NOTE(review): ModifyBeianById, as shown on this page, reads .Value from these objects and
// builds the SQL text from it rather than binding them to a command, so wrapping the values
// in SqlParameter here does not by itself make the update a parameterised query.
DataBase DB = new DataBase();
Params[0] = DB.MakeInParam("@Yuming", SqlDbType.VarChar, 50, beian.Yuming);
Params[1] = DB.MakeInParam("@Beianhao", SqlDbType.VarChar, 50, beian.Beianhao);
Params[2] = DB.MakeInParam("@bid", SqlDbType.Int, 4, beian.Bid);

// The dialog call is the same on both paths; only the message text depends on the result.
bool modified = beian.ModifyBeianById(Params);
string notice = modified ? "修改成功!" : "修改不成功!";
MessageBox.Show(notice, "BeianManage.aspx", 0,
    MessageBoxType.AlertUrl, UpdatePanel1, this.GetType());
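/// <summary>
/// Updates the yuming and beianhao columns of the beian row selected by bid.
/// </summary>
/// <param name="Params">
/// Slot 0 carries yuming, slot 1 carries beianhao and slot 2 carries bid; further slots are ignored.
/// </param>
/// <returns>
/// Whatever <c>DataBase.ExecuteSQL</c> reports, or <c>false</c> when bid is not an integer
/// (no statement is sent in that case).
/// </returns>
/// <exception cref="ArgumentException">Params is null or slots 0-2 are not all populated.</exception>
/// <remarks>
/// The statement is still assembled as text, so every value is neutralised before it is
/// concatenated: bid must parse as an integer and the two strings have their single quotes
/// doubled. For well-formed input the generated statement is the same as before.
/// NOTE(review): this is a stopgap against SQL injection. The durable fix is to keep
/// @Yuming/@Beianhao/@bid placeholders in the SQL text and hand Params to a DataBase method
/// that binds them; no such method is visible here, so ExecuteSQL(String[]) is kept.
/// </remarks>
public bool ModifyBeianById(SqlParameter[] Params)
{
    if (Params == null || Params.Length < 3 ||
        Params[0] == null || Params[1] == null || Params[2] == null)
    {
        throw new ArgumentException("Params must hold yuming, beianhao and bid in slots 0-2.", "Params");
    }

    // bid is declared as an Int key by the caller; refuse anything that is not a plain integer
    // instead of letting arbitrary text reach the WHERE clause.
    int bid;
    string rawBid = Convert.ToString(Params[2].Value, System.Globalization.CultureInfo.InvariantCulture);
    if (!int.TryParse(rawBid, System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture, out bid))
    {
        return false;
    }

    // Doubling ' keeps each value inside its T-SQL string literal (and lets values that
    // legitimately contain an apostrophe be stored instead of breaking the statement).
    string yuming = (Convert.ToString(Params[0].Value) ?? string.Empty).Replace("'", "''");
    string beianhao = (Convert.ToString(Params[1].Value) ?? string.Empty).Replace("'", "''");

    DataBase DB = new DataBase();
    String[] str = new String[1];
    str[0] = "update beian set yuming='" + yuming + "',beianhao='" + beianhao +
        "' where bid='" + bid.ToString(System.Globalization.CultureInfo.InvariantCulture) + "'";
    return DB.ExecuteSQL(str);
}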
// Parameterised delete: the SQL text carries only the @StyleID placeholder, and the value
// travels to DbHelperSQL.ExecuteSql as a typed SqlParameter instead of being spliced into
// the string. strSql and StyleID are declared outside this excerpt.
strSql.Append("delete from YZ_TemplateInfo ");
strSql.Append(" where StyleID=@StyleID ");

// One Int parameter of size 4, with its value assigned in the initializer.
SqlParameter[] parameters = new SqlParameter[]
{
    new SqlParameter("@StyleID", SqlDbType.Int, 4) { Value = StyleID }
};
DbHelperSQL.ExecuteSql(strSql.ToString(), parameters);
SqlParameter在这里起到了什么作用?在上面 ModifyBeianById 的写法里,只是取出 Params[i].Value 再拼进 SQL 字符串,和用一个 string 对象存储数据的效果一样,并没有真正参数化。你可以用 SQL Server Profiler 看看参数化执行的 SQL 是什么样的。
参数化查询的做法是:SQL 文本本身只是一个带参数占位符(如 @StyleID)的 T-SQL 查询,参数值作为数据单独传入,由这些参数控制查询返回什么。