Using Parameterized Queries in ASP.NET
Author: Internet
1. Read the connection string and create the database connection
string str = ConfigurationManager.ConnectionStrings["Con"].ConnectionString;
SqlConnection conn = new SqlConnection(str);
2. Open the database connection
conn.Open();
3. Write the SQL statement
string sql = "insert into info values(@name,@pwd,@person,@ID,@phone,@email)";
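4. Create the command and define its parameters
SqlCommand cmd = new SqlCommand(sql, conn);
// Each input is bound to a named parameter and sent as data, never spliced into the SQL text
SqlParameter[] paras = new SqlParameter[]
{
    new SqlParameter("@name", TextBox1.Text),
    new SqlParameter("@pwd", TextBox3.Text),   // raw password text as typed; hash it before storing
    new SqlParameter("@person", TextBox4.Text),
    new SqlParameter("@ID", TextBox5.Text),
    new SqlParameter("@phone", TextBox6.Text),
    new SqlParameter("@email", TextBox7.Text),
};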
5. Parameters.AddRange adds an entire collection or array to the Parameters collection in one call
cmd.Parameters.AddRange(paras);
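6. Execute the command
// ExecuteNonQuery returns the number of rows affected
if (cmd.ExecuteNonQuery() > 0)
    Response.Write("成功");          // "Success"
else
    Response.Write("请联系管理员");   // "Please contact the administrator"
conn.Close();   // release the connection once the command has run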
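The steps above gathered into one offline sketch (an added example, not code from the original post): it builds the same insert with explicitly typed parameters and contrasts it with string concatenation. The NVARCHAR(50) column type, the class and method names, and the sample input are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ParameterizedInsertDemo
{
    // Same statement as in step 3; its text never changes with user input.
    const string Sql = "insert into info values(@name,@pwd,@person,@ID,@phone,@email)";
    static readonly string[] Names = { "@name", "@pwd", "@person", "@ID", "@phone", "@email" };

    // Builds the command with explicit type and length per parameter
    // (assumption: every column is NVARCHAR(50); adjust to the real schema).
    static SqlCommand BuildInsert(string[] values)
    {
        if (values.Length != Names.Length)
            throw new ArgumentException("expected six values");
        var cmd = new SqlCommand(Sql);
        for (int i = 0; i < Names.Length; i++)
        {
            // A null Value means the parameter is not sent at all; use DBNull for SQL NULL.
            cmd.Parameters.Add(Names[i], SqlDbType.NVarChar, 50).Value =
                (object)values[i] ?? DBNull.Value;
        }
        return cmd;
    }

    // Anti-pattern, shown only for contrast: the input becomes part of the SQL text.
    static string BuildConcatenated(string[] values)
    {
        return "insert into info values('" + string.Join("','", values) + "')";
    }

    static void Main()
    {
        // Constructed sample input; the first value contains a quote character.
        string[] input = { "O'Brien", "pw", "person", "1", "555-0100", "a@example.com" };

        using (SqlCommand cmd = BuildInsert(input))
        {
            Console.WriteLine(cmd.CommandText);                // identical to Sql
            Console.WriteLine(cmd.Parameters["@name"].Value);  // O'Brien, carried as data
        }
        // Here the quote in the name ends the string literal early and alters the statement.
        Console.WriteLine(BuildConcatenated(input));
    }
}
```

No database connection is opened, so the sketch runs without a server; in the page's flow the command would be created with `new SqlCommand(sql, conn)` and executed as in step 6.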
Source: https://blog.csdn.net/PaSifaLL/article/details/104818848