public class DBhelper
{
public static string connstr = ConfigurationManager.ConnectionStrings["DB"].ConnectionString;
public static DataTable ExcuteTable(string sql,params SqlParameter[] sqlms)
{
using (SqlDataAdapter sda = new SqlDataAdapter(sql, connstr))
{
if(sqlms != null && sqlms.Count() > 0)
{
sda.SelectCommand.Parameters.AddRange(sqlms);
}
using (DataTable dt = new DataTable())
{
sda.Fill(dt);
return dt;
}
}
}
public static int ExcuteNonQuery(string sql,params SqlParameter[] sqlms)
{
using (SqlConnection conn = new SqlConnection(connstr))
{
using (SqlCommand comm = new SqlCommand(sql, conn))
{
if (sqlms != null && sqlms.Count() > 0)
{
comm.Parameters.AddRange(sqlms);
}
conn.Open();
return comm.ExecuteNonQuery();
}
}
}
}
Adding the value passing method of the DAL page when the parameter passing value is added to DBhelper
//构建查询
var sql = $"select * from logins where uname=@uname and password=@password";
SqlParameter[] sqlms = {
new SqlParameter("@uname", uname),
new SqlParameter("@password", password),
};