SqlParameter
string strSql = "Insert into News(TypeId,NewsCaption,NewsContent) values(@TypeId,@NewsCaption,@NewsContent)";
SqlParameter[] paras ={
new SqlParameter("@TypeId",SqlDbType.Int),
new SqlParameter("@NewsCaption",SqlDbType.NVarChar,200),
new SqlParameter("@NewsContent",SqlDbType.NText)
};
paras[0].Value = typeId;
paras[1].Value = caption;
paras[2].Value = content;
int rows = new SqlHelp().ExecuteNonQuery(strSql, paras);
public SqlHelp() {
connString = ConfigurationManager.AppSettings["sqlServer2005DbName"];
}
public int ExecuteNonQuery(string strQuery, SqlParameter[] paras) {
int rows = 0; //影响行数
try {
using (SqlConnection conn = new SqlConnection(connString)) {
using (SqlCommand command = new SqlCommand()) {
PrepareCommand(conn, command, strQuery, paras);
rows = command.ExecuteNonQuery();
return rows;
}
}
} catch {
throw;
}
}
//带参数的DML操作
private void PrepareCommand(SqlConnection conn, SqlCommand command, string strQuery, SqlParameter[] paras) {
if (conn.State != ConnectionState.Open) {
conn.Open();
}
command.Connection = conn;
command.CommandText = strQuery;
command.CommandType = CommandType.Text;
if (paras != null) {
foreach (SqlParameter parm in paras)
command.Parameters.Add(parm);
}
}