I want to retrieve the result value of a select statement into a string variable, like this:
OleDbCommand cmd1 = new OleDbCommand();
cmd1.Connection = GetConnection();
cmd1.CommandText = "SELECT treatment FROM appointment WHERE patientid = " + text;
cmd1.ExecuteNonQuery();
I want to put the selected treatment value into a string variable. How can I do this?
ExecuteReader() instead of ExecuteNonQuery(). ExecuteNonQuery() only returns the number of rows affected.
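string treatment = null;
try
{
    // cmd1 is an OleDbCommand, so ExecuteReader() returns an OleDbDataReader
    OleDbDataReader dr = cmd1.ExecuteReader();
    // Read inside the try block so dr is in scope and never used after a failure
    while (dr.Read())
    {
        treatment = dr[0].ToString();
    }
}
catch (OleDbException oError)
{
    // Handle or log the error here
}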
using statement.
// The using block disposes the reader even if an exception is thrown
using (OleDbDataReader dr = cmd1.ExecuteReader())
{
    while (dr.Read())
    {
        string treatment = dr[0].ToString();
    }
}
But if your SqlCommand returns only 1 column, you can use the ExecuteScalar() method. It returns the first column of the first row, as follows:
cmd.CommandText = "SELECT treatment FROM appointment WHERE patientid = " + text;
string str = Convert.ToString(cmd.ExecuteScalar());
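You also leave your code open to SQL injection. Always use parameterized queries. Jeff has a cool blog article called "Give me parameterized SQL, or give me death". Please read it carefully. Also read the DotNetPerl SqlParameter article. SQL injection is very important when you are working with queries.
method to retrieve a single value (for example, an aggregate value) from a database.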
cmd1.Connection = GetConnection();
cmd1.CommandText = "SELECT treatment FROM appointment WHERE patientid = " + text;
// Run the query once; ExecuteScalar() returns null when no row matches
object result = cmd1.ExecuteScalar();
if (result != null)
{
    var treatment = result.ToString();
}
Another way: ExecuteReader()
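try
{
    cmd1.CommandText = "SELECT treatment FROM appointment WHERE patientid=@patientID";
    cmd1.Parameters.AddWithValue("@patientID", this.DropDownList1.SelectedValue);
    conn.Open();
    // cmd1 is the question's OleDbCommand, so the reader is an OleDbDataReader
    OleDbDataReader dr = cmd1.ExecuteReader();
    while (dr.Read())
    {
        // The indexer returns object, so convert it before parsing
        int PatientID = int.Parse(dr["treatment"].ToString());
    }
    dr.Close();
    ((IDisposable)dr).Dispose(); // always a good idea to do proper cleanup
}
catch (Exception exc)
{
    // Writes the full exception text, including internals, to the response
    Response.Write(exc.ToString());
}
// ExecuteScalar() returns object, so convert it to a string
string res = Convert.ToString(cmd1.ExecuteScalar());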
Note: use parameterized queries to prevent SQL injection.
You have inline SQL, which largely leaves you open to SQL injection.
string sSQL = "SELECT treatment FROM appointment WHERE patientid = @patientId";
OleDbCommand cmd1 = new OleDbCommand(sSQL, GetConnection()); // This may be slightly different based on what `GetConnection` returns, just put the connection string in the second parameter.
cmd1.Parameters.AddWithValue("@patientId", text);
// cmd1 is an OleDbCommand, so ExecuteReader() returns an OleDbDataReader
OleDbDataReader reader = cmd1.ExecuteReader();
string returnValue = null; // stays null when no row matches
while (reader.Read())
{
    returnValue = reader[0].ToString();
}
OleDbCommand cmd1 = new OleDbCommand();
cmd1.Connection = GetConnection();
cmd1.CommandText = "SELECT treatment FROM appointment WHERE patientid = " + text;
var result = cmd1.ExecuteScalar();
If your SQL statement returns more than one row/column, then you can use ExecuteReader().
string connection = "your connection";
string query = "SELECT treatment FROM appointment WHERE patientid = " + text;
OleDbConnection conn = new OleDbConnection(connection);
OleDbDataAdapter adapter = new OleDbDataAdapter();
adapter.SelectCommand = new OleDbCommand(query, conn);
// Fill() opens and closes the connection itself; the result lands in dataset
DataSet dataset = new DataSet();
adapter.Fill(dataset);
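The following is an added example, not part of any of the posts above: it combines the ExecuteScalar() and parameterized-query advice for the question's OleDbCommand, with input validation and null handling. The class and method names are hypothetical, and it assumes patientid is an integer column; the input string in Main is constructed for illustration.

```csharp
using System;
using System.Data.OleDb;

static class TreatmentLookup
{
    // Assumption: patientid is an integer column; change OleDbType if it is not.
    public static OleDbCommand BuildCommand(OleDbConnection conn, string text)
    {
        // Reject anything that is not a plain integer before it reaches the database.
        if (!int.TryParse(text, out int patientId))
            throw new ArgumentException("patientid must be an integer", nameof(text));

        // The OLE DB provider binds parameters by position, so the placeholder is "?".
        var cmd = new OleDbCommand(
            "SELECT treatment FROM appointment WHERE patientid = ?", conn);
        cmd.Parameters.Add("patientId", OleDbType.Integer).Value = patientId;
        return cmd;
    }

    // Returns the treatment, or null when no row matches or the column is NULL.
    public static string GetTreatment(string connectionString, string text)
    {
        using (var conn = new OleDbConnection(connectionString))
        using (var cmd = BuildCommand(conn, text))
        {
            conn.Open();
            object result = cmd.ExecuteScalar();
            return (result == null || result == DBNull.Value) ? null : result.ToString();
        }
    }

    static void Main()
    {
        // Constructed input: with concatenation it becomes part of the SQL text.
        string hostile = "0 OR 1=1";
        Console.WriteLine("SELECT treatment FROM appointment WHERE patientid = " + hostile);

        // The parameterized builder refuses it instead of sending it to the database.
        try { BuildCommand(null, hostile); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }

        // For valid input the SQL text is constant and the value travels separately.
        using (var cmd = BuildCommand(null, "42"))
            Console.WriteLine(cmd.CommandText + "  [" + cmd.Parameters[0].Value + "]");
    }
}
```

Main needs no database: it only compares the command text produced by concatenation with the constant text and separate parameter value produced by BuildCommand.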