Dim cmd As new SQLCommand
cmd.ConnectionName = "数据源名称"
cmd.CommandText = "Insert Into 订单 (客户, 日期, 订单编号) Values(?,?,?)"
cmd.Parameters.Add("@客户","01")
cmd.Parameters.Add("@日期",Date.Today)
cmd.Parameters.Add("@订单编号",100)
cmd.ExecuteNonQueryDim cmd As new SQLCommand
cmd.ConnectionName = "DB"
cmd.CommandText = "Update 订单 SET 折扣 = ?,单价 = ? Where 数量 > ?"
cmd.Parameters.Add("@折扣",0.15)
cmd.Parameters.Add("@单价",5)
cmd.Parameters.Add("@数量",500)
cmd.ExecuteNonQuery注意,Sql参数化只能传入确定可靠的值,例如设置单价=5,如果想拼接单价增加某个数,只能在sql里拼接
错误写法:
cmd.CommandText = "Update 订单 Set 单价 = ? WHERE 数量 > ?"
cmd.Parameters.Add("@单价","单价 + " & dr("我的值"))
...正确写法:
cmd.CommandText = "Update 订单 Set 单价 = 单价 + ? WHERE 数量 > ?"
cmd.Parameters.Add("@单价",dr("我的值"))
...纯Sql写法
Update 订单 Set 日期 =null
参数化写法:
cmd.CommandText = "Update 订单 Set 日期 = ? WHERE 数量 > ?"
cmd.Parameters.Add("@日期",Nothing)Dim cmd As new SQLCommand
cmd.ConnectionName = "DB"
cmd.CommandText = "Delete From 订单 Where 订单编号 = ?"
cmd.Parameters.Add("@订单编号",100)
cmd.ExecuteNonQueryDim cmd As new SQLCommand
cmd.ConnectionName = "DB"
cmd.CommandText = "Select * From {订单} Where 日期 >= ? And 日期 <= ?"
cmd.Parameters.Add("@开始日期",#2/1/2018#)
cmd.Parameters.Add("@结束日期",#3/31/2018#)
Dim dt As DataTable = cmd.ExecuteReader()cmd.CommandText="Select * from CustomerInfo where Name like ? "
cmd.Parameters.Add("@Name","%" & res("Name").ToString & "%" ) '注意不需要分号!
dt= cmd.ExecuteReader如果只需要前10条,可以
Select TOP 10 * from CustomerInfo
单表里某个字段in一些内容,只能自己循环拼接,参考
Dim ja As JArray = rjo("StateArray")
Dim ls As String
For i As Integer = 0 To ja.Count-1
ls &= " State = ? or"
cmd.Parameters.Add("@State" & i ,ja(i).ToString)
Next
ls = ls.TrimEnd("r")
ls = ls.TrimEnd("o")
filter &= " and (" & ls & ")"其实in并不是能用,而是参数化里的?必须指代某个清晰的元素,让sql解释器能够识别
cmd.CommandText="Select * from StoreOutInfo where ID in (Select StoreOutID from StoreOutDetail1 where Name like ? ) "
cmd.Parameters.Add("@Name","%" & res("Name").ToString & "%" ) '注意不需要分号!
dt= cmd.ExecuteReader