DBHelper(使用参数化+事务查询和执行)

using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Common;
using System.Data.SqlClient;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace StudyADO_DHelper_
{
    class DBHelper
    {
        private static string constr = "Data Source=.;Initial Catalog=dbname;User ID=sa;Password=psd";//连接字符串
        
        /// <summary>
        /// 使用参数化查询
        /// </summary>
        /// <param name="sql">sql语句</param>
        /// <param name="listpara">参数</param>
        /// <returns></returns>
        public static DataTable Select(string sql,List<SqlParameter> listpara) {
            DataTable dt = new DataTable();//实例化一个datatable
            SqlTransaction t_select = null;//事务
            SqlConnection con = new SqlConnection(constr);//创建数据库连接实例
            con.Open();//打开连接
            try
            {
                t_select = con.BeginTransaction();//开始事务
                SqlCommand cmd = new SqlCommand(sql);
                cmd.Transaction = t_select;//绑定事务
                cmd.Connection = con;
                foreach (var item in listpara)
                {
                    cmd.Parameters.Add(item);
                }
                SqlDataAdapter adapter = new SqlDataAdapter(cmd);//适配器
                adapter.Fill(dt);//转datatable
                t_select.Commit();//提交
            }
            catch (Exception ex)
            {
                t_select.Rollback();//回滚
            }
            finally {
                if (con.State == ConnectionState.Open)
                {
                    con.Close();//关闭连接
                }
            }
            return dt;
        }

        /// <summary>
        /// 使用参数化执行
        /// </summary>
        /// <param name="sql">sql语句</param>
        /// <param name="listpara">参数</param>
        /// <returns></returns>
        public static bool Excute(string sql, List<SqlParameter> listpara)
        {
            bool result = false;
            SqlTransaction t_select = null;//事务
            SqlConnection con = new SqlConnection(constr);//创建数据库连接实例
            con.Open();//打开连接
            try
            {
                t_select = con.BeginTransaction();//开始事务
                SqlCommand cmd = new SqlCommand(sql);
                cmd.Transaction = t_select;//绑定事务
                cmd.Connection = con;
                foreach (var item in listpara)
                {
                    cmd.Parameters.Add(item);
                }
                result = cmd.ExecuteNonQuery() > 0;
                t_select.Commit();//提交
            }
            catch (Exception ex)
            {
                t_select.Rollback();//回滚
            }
            finally
            {
                if (con.State==ConnectionState.Open)
                {
                    con.Close();//关闭连接
                }
            }
            return result;
        }


        //示例如下
        //string sql = "insert into Test values(@name,@psd)";
        //List<SqlParameter> listpara = new List<SqlParameter>();
        //listpara.Add(new SqlParameter("name", "1532718597"));
        //    listpara.Add(new SqlParameter("psd", "123"));
        //    if (DBHelper.Excute(sql,listpara))
        //    {
        //        label2.Text = "成功";
        //    }

    }
}

 1.使用参数化执行可以不在数据库创建存储过程，直接在代码里执行操作即可完成！个人认为较为方便！