DataTable users = this.CheckUser(tbUserName.Text, tbUserPwd.Text);public DataTable CheckUser(string name,string password)
{ StringBuilder sql = new StringBuilder("SELECT * FROM USERS WHERE UID='")
.Append(name).Append("'")
.Append(" AND UPWD='").Append(password).Append("'");
return sql.ToString();
} 这个 DataTable users 能直接接收这个sql.ToString么?要怎么转换啊?还有如果如下写一个方法,该怎么写?就是用 return db.QuickSelect(sql.ToString());这个返回的话public abstract DataTable QuickSelect(string sql);
{ StringBuilder sql = new StringBuilder("SELECT * FROM USERS WHERE UID='")
.Append(name).Append("'")
.Append(" AND UPWD='").Append(password).Append("'");
return sql.ToString();
} 这个 DataTable users 能直接接收这个sql.ToString么?要怎么转换啊?还有如果如下写一个方法,该怎么写?就是用 return db.QuickSelect(sql.ToString());这个返回的话public abstract DataTable QuickSelect(string sql);
还差几步:
1) 创建Connection
2) 创建DataAdapter 参数:Connection, Sql文
3) 填充DataTable:
DataTable data = new DataTable();
DataAdapter.Fill(data)
return data;
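参数化操作
string.format("SELECT * FROM USERS WHERE UID='{0}' and UPWD='{1}'",name,password)
注意:string.Format 仍然是把用户输入直接拼进 SQL 文本,并不是参数化,和上面用 StringBuilder 拼接一样存在 SQL 注入风险。真正的参数化是在 SQL 文本里只写占位符(例如 UID=@uid AND UPWD=@upwd,名称仅为示例),再把 name、password 作为 SqlParameter 传入,下面的 GetDataTable(string sqlstr, params SqlParameter[] p) 就是按这种方式接收参数的。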
string cmdText, SqlParameter[] p)
{
if (conn.State != ConnectionState.Open)
{
conn.Open();
} cmd.Parameters.Clear();
cmd.Connection = conn;
cmd.CommandText = cmdText; cmd.CommandType = CommandType.Text;
cmd.CommandTimeout = 30; if (p != null)
{
foreach (SqlParameter parm in p)
{
cmd.Parameters.Add(parm);
}
}
} #region 执行一条SQL语句,返回一个DataTable
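/// <summary>
/// Runs one SQL statement and returns the rows it produces as a <see cref="DataTable"/>.
/// </summary>
/// <param name="sqlstr">
/// SQL text to execute. Values that come from users belong in named placeholders
/// supplied through <paramref name="p"/>, not concatenated into this string.
/// </param>
/// <param name="p">Parameters to attach to the command; may be null or empty.</param>
/// <returns>
/// The filled table. If any exception is thrown, the error is logged and the table is
/// returned as it stood at that moment (empty when the failure happened before Fill).
/// </returns>
public DataTable GetDataTable(string sqlstr, params SqlParameter[] p)
{
    // conn, cmd, sda and dt are assigned here but not declared in this method, so they
    // are declared elsewhere in the class.
    // NOTE(review): if one helper instance serves concurrent callers, per-call locals
    // would stop one caller's result being overwritten by another's - confirm how the
    // instance is shared.
    using (conn = new SqlConnection(ConnectionString))
    {
        dt = new DataTable();
        try
        {
            // The command and the adapter are IDisposable; release them with the connection.
            using (cmd = new SqlCommand())
            {
                try
                {
                    PrepareCommand(cmd, conn, sqlstr, p);
                    using (sda = new SqlDataAdapter())
                    {
                        sda.SelectCommand = cmd;
                        sda.Fill(dt);
                    }
                    return dt;
                }
                finally
                {
                    // Detach the caller's SqlParameter objects: a parameter still owned by
                    // one command's collection cannot be added to another command.
                    cmd.Parameters.Clear();
                }
            }
        }
        catch (Exception ex)
        {
            // sqlstr is written to the log verbatim.
            // NOTE(review): this is only harmless while callers keep user values in
            // parameters; SQL built by concatenation would carry the submitted
            // credentials into the log.
            ErrLog(string.Format("错误SQL语句:{0};错误代码:{1}", sqlstr, ex.Message));
            return dt;
        }
    }
}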
#endregion