问题描述
public int InsertPerson(Person person,out string errormsg)
{
sqlConnection dbConnection = new sqlConnection();
dbConnection.ConnectionString = @"Data Source=(localdb)\mssqllocaldb;Initial Catalog=PersonDB;Integrated Security=True";
String sqlstring = "INSERT INTO PersonTable ( FirstName,LastName ) VALUES ( @firstname,@lastname )";
sqlCommand dbCommand = new sqlCommand(sqlstring,dbConnection);
dbCommand.Parameters.Add("FirstName",sqlDbType.NVarChar,30).Value = person.FirstName;
dbCommand.Parameters.Add("LastName",30).Value = person.LastName;
try
{
dbConnection.open();
int i = 0;
i = dbCommand.ExecuteNonQuery();
if (i == 1)
{
errormsg = "";
}
else
{
errormsg = "Could not add person";
}
return i;
}
catch (Exception e)
{
errormsg = e.Message;
return 0;
}
finally
{
dbConnection.Close();
}
}
但是,当我尝试在DELETE查询中使用逻辑时,它不会将@firstname和@lastname转换为传递给方法调用的参数值。
public int DeletePerson(Person person,out string errormsg)
{
sqlConnection dbConnection = new sqlConnection();
dbConnection.ConnectionString = @"Data Source=(localdb)\mssqllocaldb;Initial Catalog=PersonDB;Integrated Security=True";
String sqlstring = "DELETE FROM PersonTable WHERE FirstName = @firstname AND LastName = @lastname";
sqlCommand dbCommand = new sqlCommand(sqlstring,30).Value = person.LastName;
try
{
dbConnection.open();
int i = 0;
i = dbCommand.ExecuteNonQuery();
if (i == 1)
{
errormsg = "";
}
else
{
//errormsg = "Could not delete person";
errormsg = sqlstring;
}
return i;
}
catch (Exception e)
{
errormsg = e.Message;
return 0;
}
finally
{
dbConnection.Close();
}
}
从DELETE方法创建的查询看起来像这样DELETE FROM PersonTable WHERE FirstName = @firstname AND LastName = @lastname
当我对SQL查询进行硬编码时,它工作正常,但当我使用Person参数的属性作为查询的一部分时,效果很好。
解决方法
您可能会误解参数的工作方式。该值在SQL语句中未“替换”。使用单独提供的参数值按原样发送SQL语句。因此,在客户端不会看到替换了值的SQL字符串。
换句话说,sqlstring的值不变。如果这就是您要查看的内容,那么它什么也不会告诉您。还有其他问题-在数据库中找不到名称组合,或者在大小写,空格等方面存在某些差异。