int Id =1;
string Name="lui";
cmd.CommandText="insert into TUserLogin values(@Id,@Name)";
//上条语句中直接在sql语句中写添加的参数名,不论参数类型都是如此.
SqlParameter para=new SqlParameter("@Id",SqlDbType.int,4);//生成一个名字为@Id的参数,必须以@开头表示是添加的参数,并设置其类型长度,类型长度与数据库中对应字段相同
para.Value=Id;//给参数赋值
cmd.Parameters.Add(para);//必须把参数变量添加到命令对象中去。
//以下类似
para=new SqlParameter("@Name",SqlDbType.VarChar,16);
para.Value=Name;
com.Parameters.Add(para);
一、Add方法
SqlParameter
sp = new SqlParameter("@name","Pudding");
cmd.Parameters.Add(sp);
sp
= new SqlParameter("@ID","1");
cmd.Parameters.Add(sp);
二、AddRange方法
SqlParameter[]
paras = new SqlParameter[]
{ new SqlParameter("@name","Pudding"),new SqlParameter("@ID","1")
};
cmd.Parameters.AddRange(paras);
//获取学生登陆名和密码
public static DataTable GetLoginInformation(string studentNumber,string studentPassword)
{
//bool success = false;
DbCommand dbComm = SqlHelper.CreateDbCommand();
dbComm.CommandText = "UserInformationOfLogining";
//第一个参数
DbParameter param = dbComm.CreateParameter();
param.ParameterName = "@StudentNumber";
param.Value = studentNumber;
param.DbType = DbType.String;
dbComm.Parameters.Add(param);
//第二个参数
param = dbComm.CreateParameter();
param.ParameterName = "@StudentPassword";
param.Value = studentPassword;
param.DbType = DbType.String;
dbComm.Parameters.Add(param);
//执行存储过程
DataTable table = SqlHelper.ExecuteSelectCommand(dbComm);
return table;
}