string sqlCommand = "SELECT U.* FROM D_Users AS U WHERE U.RealName LIKE '%@Keyword%' AND U.Role='OrgUser' AND U.OrgID=@OrgID";
DBCommandWrapper dbCommandWrapper = db.GetSqlStringCommandWrapper(sqlCommand);
dbCommandWrapper.AddInParameter("Keyword",System.Data.DbType.String,Keyword);
dbCommandWrapper.AddInParameter("OrgID",System.Data.DbType.Int32,OrgID);@Keyword参数加上检索不出来数据:(
DBCommandWrapper dbCommandWrapper = db.GetSqlStringCommandWrapper(sqlCommand);
dbCommandWrapper.AddInParameter("Keyword",System.Data.DbType.String,Keyword);
dbCommandWrapper.AddInParameter("OrgID",System.Data.DbType.Int32,OrgID);@Keyword参数加上检索不出来数据:(
SqlCommand myCommand = new SqlCommand(databaseOwner + ".vodMax_Favorites_GetByUserID", myConnection);
HashList favorites = new HashList();
SqlDataReader reader;// Mark the Command as a SPROC
myCommand.CommandType = CommandType.StoredProcedure;
myCommand.Parameters.Add("@UserID", SqlDbType.Int).Value = userID;
myCommand.Parameters.Add("@PageIndex", SqlDbType.Int).Value = pageIndex;
myCommand.Parameters.Add("@PageSize", SqlDbType.Int).Value = pageSize;
string sqlCommand = "SELECT U.* FROM D_Users AS U WHERE U.RealName LIKE '%" + Keyword + "%' AND U.Role='OrgUser' AND U.OrgID=@OrgID";
也没有问题,但是不安全,用存储过程应该也没有问题我主要目的是想知道哪段代码问题出在哪里了
具体一点就是 '%@Keyword%' 这部分