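/// <summary>
/// Reads the SvjDataAddress column of the Cadqueue row identified by <paramref name="cadqueueId"/>.
/// The lookup binds the id through the ":CadqueueId" placeholder, so the caller-supplied value is
/// passed as a parameter and never spliced into the SQL text.
/// </summary>
/// <param name="cadqueueId">Key of the Cadqueue row to read.</param>
/// <returns>
/// The column value as text, or null when no row matches. A NULL column comes back as DBNull,
/// whose ToString() is "", so an empty string means "row found, no address stored".
/// </returns>
private string OracleSearchDemo(string cadqueueId)
{
    const string sqlGetAddress = "Select SvjDataAddress From Cadqueue Where CadqueueId = :CadqueueId";
    string address = null;

    // Connection, command and reader are all IDisposable. Wrapping each in a using-block releases them
    // even when Open/ExecuteReader/Read throws; the original only closed reader and connection on the
    // success path and never disposed the command at all.
    // The factory is the one defined alongside this method (the original called a non-existent GetOraConnection).
    using (OracleConnection cn = GetOracleConnection())
    using (OracleCommand cmd = new OracleCommand(sqlGetAddress, cn))
    {
        cmd.CommandType = CommandType.Text;
        cmd.Parameters.Add(new OracleParameter("CadqueueId", cadqueueId));
        cn.Open();

        using (OracleDataReader dtr = cmd.ExecuteReader())
        {
            // Only the first matching row is consulted; CadqueueId is assumed to be unique — TODO confirm.
            if (dtr.Read())
            {
                address = dtr["SvjDataAddress"].ToString();
            }
        }
    }

    return address;
}

/// <summary>
/// Builds an (unopened) Oracle connection for the demo.
/// </summary>
/// <returns>A new <see cref="OracleConnection"/>; the caller opens and disposes it.</returns>
private OracleConnection GetOracleConnection()
{
    OracleConnection conn = new OracleConnection();
    // The connection string should come from app.config (or another configuration source) rather
    // than being embedded in source; the "***" segments below are placeholders, not real values.
    // "Persist Security Info=True" keeps the password readable on conn.ConnectionString after the
    // connection has been opened; drop it unless something actually needs to read the credentials back.
    conn.ConnectionString = "Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=***.***.***.***)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=***)));Persist Security Info=True;User ID=***;Password=***;" ;
    return conn;
}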
注意：为了防止 SQL 注入，采用参数化查询。参数值作为数据绑定到语句上，不会被当作 SQL 文本解析，这是防止注入的原理；此外还能带来执行计划重用的好处（不用重新执行语法解析）。
此外，Oracle 数据库在参数化查询时使用 `:parameter` 作为占位符，MySQL 语句中使用 `@parameter`。