using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Linq;
using System.Text;
using System.Data;
using System.Data.Common;
using System.Windows.Forms;namespace WMS
{
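/// <summary>
/// Data-access helper for the WMS application's <c>userinfo</c> table.
/// </summary>
/// <remarks>
/// Every query in this class binds its values through <see cref="SqlParameter"/> objects.
/// ADO.NET sends bound values to the server alongside the statement; it does not rewrite
/// <c>CommandText</c>, so the <c>@name</c> placeholders remain visible in the text at run time.
/// Seeing the placeholders in the debugger does not mean the binding failed.
/// </remarks>
class Access
{
    /// <summary>Connection string read from the "ConStr" entry of the application configuration.</summary>
    public static string connStr = ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString;

    /// <summary>Starts as the application base directory; may be moved up by <see cref="dataDirDeclare"/>.</summary>
    public static string dataDir = AppDomain.CurrentDomain.BaseDirectory;

    /// <summary>
    /// When the application runs from a build output folder, points the AppDomain's
    /// "DataDirectory" value at the folder two levels above it.
    /// </summary>
    public static void dataDirDeclare()
    {
        // NOTE(review): EndsWith(string) is case-sensitive, so an output folder spelled
        // "bin\Debug\" or "bin\Release\" does not match and DataDirectory stays unset.
        // Confirm which spelling the build actually produces before changing the comparison.
        if (dataDir.EndsWith(@"\bin\debug\") || dataDir.EndsWith(@"\bin\release\"))
        {
            dataDir = System.IO.Directory.GetParent(dataDir).Parent.Parent.FullName;
            AppDomain.CurrentDomain.SetData("DataDirectory", dataDir);
        }
    }

    /// <summary>Creates the helper and applies the data-directory adjustment.</summary>
    public Access()
    {
        dataDirDeclare();
    }

    /// <summary>Looks up the <c>username</c> column for a user id.</summary>
    /// <param name="userid">Value bound to the <c>@name</c> placeholder.</param>
    /// <returns>The scalar result converted with <see cref="Convert.ToString(object)"/>.</returns>
    public string getName(string userid)
    {
        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();
            using (SqlCommand comm = conn.CreateCommand())
            {
                comm.CommandText = @"select username from userinfo where userid = @name ";
                comm.Parameters.Add(new SqlParameter("name", userid));
                return Convert.ToString(comm.ExecuteScalar());
            }
        }
    }

    /// <summary>Checks whether a row exists with the given user id and password.</summary>
    /// <param name="name">Value bound to <c>@name</c> (matched against <c>userid</c>).</param>
    /// <param name="password">Value bound to <c>@password</c>.</param>
    /// <returns><c>true</c> when the count of matching rows is non-zero.</returns>
    public bool login(string name, string password)
    {
        // NOTE(review): the supplied password is compared with the stored column as-is.
        // Unless callers already pass a derived hash, this implies clear-text password
        // storage; prefer a salted, slow hash (e.g. PBKDF2) verified in code.
        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();
            using (SqlCommand comm = conn.CreateCommand())
            {
                comm.CommandText = @"select count(*) from userinfo where userid = @name and password = @password";
                comm.Parameters.Add(new SqlParameter("name", name));
                comm.Parameters.Add(new SqlParameter("password", password));
                int matches = Convert.ToInt32(comm.ExecuteScalar());
                return matches != 0;
            }
        }
    }

    /// <summary>
    /// Runs the fixed userid/password lookup and reports whether it returned a row.
    /// </summary>
    /// <param name="sql">Currently unused; the statement below is hard-coded.</param>
    /// <param name="s">Currently unused; the bound values below are hard-coded.</param>
    /// <returns><c>true</c> when the query yields a non-null first column, otherwise <c>false</c>.</returns>
    public bool querySql(string sql, params string[] s)
    {
        // NOTE(review): `sql` and `s` are ignored and a literal user id and password are
        // embedded in source. Decide how `s` maps to parameter names, bind those values
        // instead, and remove the literals; do not concatenate `s` into the SQL text.
        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();
            using (SqlCommand comm = conn.CreateCommand())
            {
                comm.CommandText = @"select userid,password from userinfo where userid = @userid and password = @password ";
                comm.Parameters.Add(new SqlParameter("userid", "wj"));
                comm.Parameters.Add(new SqlParameter("password", "111111"));

                // The original discarded this result and always returned false.
                // ExecuteScalar gives null when no row matches.
                object firstColumn = comm.ExecuteScalar();
                return firstColumn != null && !(firstColumn is DBNull);
            }
        }
    }
}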
}
------------------------
这个类里面,函数 getName()、login() 在调用时 @ 参数都可以被替换,但是函数 querySql() 在调用时参数死活都不替换,
请求帮忙解决,谢谢,非常感谢
using System.Collections.Generic;
using System.Configuration;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Linq;
using System.Text;
using System.Data;
using System.Data.Common;
using System.Windows.Forms;namespace WMS
{
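/// <summary>
/// Data-access helper for the WMS application's <c>userinfo</c> table.
/// </summary>
/// <remarks>
/// Every query in this class binds its values through <see cref="SqlParameter"/> objects.
/// ADO.NET sends bound values to the server alongside the statement; it does not rewrite
/// <c>CommandText</c>, so the <c>@name</c> placeholders remain visible in the text at run time.
/// Seeing the placeholders in the debugger does not mean the binding failed.
/// </remarks>
class Access
{
    /// <summary>Connection string read from the "ConStr" entry of the application configuration.</summary>
    public static string connStr = ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString;

    /// <summary>Starts as the application base directory; may be moved up by <see cref="dataDirDeclare"/>.</summary>
    public static string dataDir = AppDomain.CurrentDomain.BaseDirectory;

    /// <summary>
    /// When the application runs from a build output folder, points the AppDomain's
    /// "DataDirectory" value at the folder two levels above it.
    /// </summary>
    public static void dataDirDeclare()
    {
        // NOTE(review): EndsWith(string) is case-sensitive, so an output folder spelled
        // "bin\Debug\" or "bin\Release\" does not match and DataDirectory stays unset.
        // Confirm which spelling the build actually produces before changing the comparison.
        if (dataDir.EndsWith(@"\bin\debug\") || dataDir.EndsWith(@"\bin\release\"))
        {
            dataDir = System.IO.Directory.GetParent(dataDir).Parent.Parent.FullName;
            AppDomain.CurrentDomain.SetData("DataDirectory", dataDir);
        }
    }

    /// <summary>Creates the helper and applies the data-directory adjustment.</summary>
    public Access()
    {
        dataDirDeclare();
    }

    /// <summary>Looks up the <c>username</c> column for a user id.</summary>
    /// <param name="userid">Value bound to the <c>@name</c> placeholder.</param>
    /// <returns>The scalar result converted with <see cref="Convert.ToString(object)"/>.</returns>
    public string getName(string userid)
    {
        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();
            using (SqlCommand comm = conn.CreateCommand())
            {
                comm.CommandText = @"select username from userinfo where userid = @name ";
                comm.Parameters.Add(new SqlParameter("name", userid));
                return Convert.ToString(comm.ExecuteScalar());
            }
        }
    }

    /// <summary>Checks whether a row exists with the given user id and password.</summary>
    /// <param name="name">Value bound to <c>@name</c> (matched against <c>userid</c>).</param>
    /// <param name="password">Value bound to <c>@password</c>.</param>
    /// <returns><c>true</c> when the count of matching rows is non-zero.</returns>
    public bool login(string name, string password)
    {
        // NOTE(review): the supplied password is compared with the stored column as-is.
        // Unless callers already pass a derived hash, this implies clear-text password
        // storage; prefer a salted, slow hash (e.g. PBKDF2) verified in code.
        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();
            using (SqlCommand comm = conn.CreateCommand())
            {
                comm.CommandText = @"select count(*) from userinfo where userid = @name and password = @password";
                comm.Parameters.Add(new SqlParameter("name", name));
                comm.Parameters.Add(new SqlParameter("password", password));
                int matches = Convert.ToInt32(comm.ExecuteScalar());
                return matches != 0;
            }
        }
    }

    /// <summary>
    /// Runs the fixed userid/password lookup and reports whether it returned a row.
    /// </summary>
    /// <param name="sql">Currently unused; the statement below is hard-coded.</param>
    /// <param name="s">Currently unused; the bound values below are hard-coded.</param>
    /// <returns><c>true</c> when the query yields a non-null first column, otherwise <c>false</c>.</returns>
    public bool querySql(string sql, params string[] s)
    {
        // NOTE(review): `sql` and `s` are ignored and a literal user id and password are
        // embedded in source. Decide how `s` maps to parameter names, bind those values
        // instead, and remove the literals; do not concatenate `s` into the SQL text.
        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();
            using (SqlCommand comm = conn.CreateCommand())
            {
                comm.CommandText = @"select userid,password from userinfo where userid = @userid and password = @password ";
                comm.Parameters.Add(new SqlParameter("userid", "wj"));
                comm.Parameters.Add(new SqlParameter("password", "111111"));

                // The original discarded this result and always returned false.
                // ExecuteScalar gives null when no row matches.
                object firstColumn = comm.ExecuteScalar();
                return firstColumn != null && !(firstColumn is DBNull);
            }
        }
    }
}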
}
------------------------
这个类里面,函数 getName()、login() 在调用时 @ 参数都可以被替换,但是函数 querySql() 在调用时参数死活都不替换,
请求帮忙解决,谢谢,非常感谢
{
bool flag = false;
using (SqlConnection conn = new SqlConnection(connStr))
{
conn.Open();
using (SqlCommand comm = conn.CreateCommand())
{
comm.CommandText = @"select userid,password from userinfo where userid = @userid and password = @password ";
comm.Parameters.Add(new SqlParameter("userid", "wj"));
comm.Parameters.Add(new SqlParameter("password", "111111")); string userid = (string) comm.ExecuteScalar();
}
}
return flag; } 就是这个函数。请帮忙分析分析
,passwordfrom userinfo where userid = @userid and password = @passwordcomm.Parameters.AddWithValue("@userid", "wj");
comm.Parameters.AddWithValue("@password", "111111");