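// Builds and runs the paged M_Phone query that feeds Repeater1.
// The optional filters (strprice, strtime, strcamera) are bound as SqlParameters
// instead of being spliced into the SQL text, so the manual quote doubling
// (Replace("'", "''")) is no longer needed: the driver keeps the filter values out
// of the statement text altogether. Each filter appears twice in the statement
// (once in the TOP-a paging subquery, once on the outer query), so every parameter
// is declared once and referenced twice.
// PageSize and a are still concatenated because TOP does not take a parameter on
// older SQL Server versions; they must be integers computed by this page, never raw
// request input — TODO confirm their declared types.
System.Collections.Generic.List<System.Data.SqlClient.SqlParameter> paras =
    new System.Collections.Generic.List<System.Data.SqlClient.SqlParameter>();
StringBuilder sql = new StringBuilder("select top " + PageSize + " Bluetooth,Camera,color,Description,email,fm,gps,id,memory,Memorycard,mp3,mp4,num,onSellTime,phoneSize,phonetype,pid,price,ScreenSize,Standbytime,phoneSystem,weight from M_Phone a ");
sql.Append(" where a.id>=( select ISNULL(MAX(xx.id),0) from ( select TOP " + a + " id from M_Phone where 1=1 ");
if (strprice != "")
{
    // Wildcards go into the bound value, not the SQL text.
    sql.Append(" and price like @price");
    paras.Add(new System.Data.SqlClient.SqlParameter("@price", "%" + strprice + "%"));
}
if (strtime != "")
{
    sql.Append(" and onselltime like @onselltime");
    paras.Add(new System.Data.SqlClient.SqlParameter("@onselltime", "%" + strtime + "%"));
}
if (strcamera != "")
{
    sql.Append(" and camera like @camera");
    paras.Add(new System.Data.SqlClient.SqlParameter("@camera", "%" + strcamera + "%"));
}
sql.Append(" order by id)xx ) ");
// Outer query: same filters, same parameters.
if (strprice != "")
{
    sql.Append(" and a.price like @price");
}
if (strtime != "")
{
    sql.Append(" and a.onselltime like @onselltime");
}
if (strcamera != "")
{
    sql.Append(" and a.camera like @camera");
}
sql.Append(" order by a.id");
string sqll = sql.ToString();
// SqlHelper.ExcuteReadApdater is assumed to take a SqlParameter[] as its third
// argument — TODO confirm against SqlHelper. null is kept for the no-filter case so
// the call matches the previous behaviour exactly.
DataSet ds = SqlHelper.ExcuteReadApdater(sqll, CommandType.Text, paras.Count > 0 ? paras.ToArray() : null);
Repeater1.DataSource = ds;
Repeater1.DataBind();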
{
//sql.Append(" and price like '%" + strprice.Replace("'", "''") + "%'");
// NOTE(review): the wildcards belong in the parameter's value, not in the SQL text —
// append " and price like @AAA" and bind @AAA to "%" + strprice + "%". As written,
// "%@AAA%'" has an unbalanced quote and is not valid SQL. The two cmd.* lines below are
// presumably shorthand for SqlCommand.Parameters.Add(...) and setting that parameter's
// Value; this is a sketch, not compilable as is.
sql.Append(" and price like %@AAA%'");
cmd.Pa...Add(...)
cmd.P.Value = ....
}
但是这样也没避免拼接sql,不过是用了参数
比如 select * from table where @a and @b;
// NOTE(review): a parameter is bound as a single value, not as a fragment of SQL text,
// so "where @a and @b" would not evaluate the condition strings built here (the author
// says this was not tested). The values also still splice X1/X2 into text with quote
// doubling; the fix is to keep the "and T1 like" clause in the statement and bind only
// the user input itself (e.g. "like @t1" with value "%" + X1 + "%").
SqlParameter paras1 = new SqlParameter("@a",x1==""?"1=1":"and T1 like '%" + X1.Replace("'", "''") + "%'" );
SqlParameter paras2 = new SqlParameter("@b",x2==""?"1=1":"and T2 like '%" + X2.Replace("'", "''") + "%'" );不知道这样行不? 把一个条件表达式当参数! 纯属个人想法,没验证!
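sqlsp = "BlogArticle_Update";
// Parameter list for the BlogArticle_Update stored procedure. Weight is only sent
// when the user chose a custom weight (IsDefineWeight == "1").
SqlParameter[] param = {
    new SqlParameter("Content", Content.Value),
};
// Rebuild the array: start from the base parameters and lengthen a copy when the
// optional Weight parameter is needed. Array.Resize allocates a new array and copies
// the existing entries into it, leaving param itself untouched; it replaces the
// project-specific Redim helper, which is assumed to have done the same — confirm.
SqlParameter[] param2 = param;
if (IsDefineWeight == "1")
{
    Array.Resize(ref param2, param.Length + 1);
    param2[param2.Length - 1] = new SqlParameter("Weight", weight.Text);
}
DAL.dbsp.ExecuteNonQuery(sqlsp, param2);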