SqlParameter类——带参数的SQL语句

SqlParameter 类

表示 SqlCommand 的参数，也可以是它到 DataSet 列的映射。无法继承此类。

命名空间：  System.Data.SqlClient

程序集：  System.Data（在 System.Data.dll 中）

举例1

    string strconn = "Data Source=xxx;user id=sa;pwd=;initial catalog=gltest";
        SqlConnection Conn = new SqlConnection(strconn);
        Conn.Open();

    // 声明参数
        string sql = "insert into users(name,pwd) values (@name,@pwd)";
        SqlCommand cmd = new SqlCommand(sql, Conn);

    // 添加参数
        cmd.Parameters.Add(new SqlParameter("@name", SqlDbType.NVarChar, 50));
       cmd.Parameters.Add(new SqlParameter("@pwd", SqlDbType.NVarChar, 50));

    // 为参数赋值
        cmd.Parameters["@name"].Value = this.TextBox1.Text;
       cmd.Parameters["@pwd"].Value = this.TextBox2.Text;

        cmd.ExecuteNonQuery();
        Conn.Close();  

comm.Parameters.Add()添加参数到参数集即（添加参数列表）,add里面的第一个参数是要添加的参数名,第二个参数是参数的数据类型Parameters的作用就是把存储过程执行结束后得到的参数传到程序里。

第一个是参数名,第二个是参数类型,第三个是长度

举例二：

    /// <summary>
        /// 更新一条数据
        /// </summary>
        public bool Update(Model.MonitoringPointsStatusInfo model)
        {
            StringBuilder strSql = new StringBuilder();
            strSql.Append("update TB_MonitoringPointsStatus set ");
            strSql.Append("PointID=@PointID,");
            strSql.Append("PointName=@PointName,");
            strSql.Append("Date=@Date,");
            strSql.Append("DangerousLevel=@DangerousLevel,");
            strSql.Append("IsUpload=@IsUpload,");
            strSql.Append("IsCheck=@IsCheck,");
            strSql.Append("IsSafe=@IsSafe,");
            strSql.Append("CycleTime=@CycleTime,");
            strSql.Append("ColumnValue=@ColumnValue,");
 
            strSql.Append("IsApproval=@IsApproval,");
            strSql.Append("CheckUser=@CheckUser,");
            strSql.Append("CheckRealName=@CheckRealName,");
            strSql.Append("Note=@Note");

        strSql.Append(" where ID=@ID");
            SqlParameter[] parameters = {
                         new SqlParameter("@ID", SqlDbType.Int,4),
                         new SqlParameter("@PointID", SqlDbType.Int,4),
                         new SqlParameter("@PointName", SqlDbType.NVarChar,50),
                         new SqlParameter("@Date", SqlDbType.DateTime),
                         new SqlParameter("@DangerousLevel", SqlDbType.Char,1),
                         new SqlParameter("@IsUpload", SqlDbType.Bit,1),
                         new SqlParameter("@IsCheck", SqlDbType.Bit,1),
                         new SqlParameter("@CycleTime",SqlDbType.Char,12),
                         new SqlParameter("@IsSafe", SqlDbType.Bit,1),
                         new SqlParameter("@ColumnValue", SqlDbType.Int),

                     new SqlParameter("@IsApproval", SqlDbType.Bit,1),
                         new SqlParameter("@CheckUser", SqlDbType.Int),
                         new SqlParameter("@CheckRealName", SqlDbType.NVarChar,50),
                         new SqlParameter("@Note", SqlDbType.Text)
                                        };

            parameters[0].Value = model.ID;
            parameters[1].Value = model.PointID;
            parameters[2].Value = model.PointName;
            parameters[3].Value = model.Date;
            parameters[4].Value = model.DangerousLevel;
            parameters[5].Value = model.IsUpload;
            parameters[6].Value = model.IsCheck;
            parameters[7].Value = model.CycleTime;
            parameters[8].Value = model.IsSafe;
            parameters[9].Value = model.ColumnValue;

        parameters[10].Value = model.IsApproval;
            parameters[11].Value = model.CheckUser;
            parameters[12].Value = model.CheckRealName;
            parameters[13].Value = model.Note;

            int rows = DBHelper.ExecuteSql(strSql.ToString(), parameters);
            if (rows > 0)
            {
                return true;
            }
            else
            {
                return false;
            }
        } 

参考博客：http://liuyuanjian82.blog.163.com/blog/static/40093839200942732222918/