namespace DAL { class SqlHelper { static string conString = "server=.;database=SQLSchool;uid=sa;pwd=sasa"; /// <summary> /// Execute the query to return the result set /// </summary> /// <param name="safeSql"> Store procedure name (SQL statement) </param> /// <param name= "ps"> SQL parameter object collection </param> /// <returns> table </returns> public static DataTable ExecuteTable( string safeSql, SqlParameter[] ps) { //using 块 using (SqlConnection con = new SqlConnection(conString)) { SqlCommand cmd = new SqlCommand(safeSql, con); // The type of setting command is: stored procedure. If not set, the default is the executed text, that is, the ordinary SQL statement cmd.CommandType = CommandType.StoredProcedure; // The default is to execute the ordinary SQL text statement such as: select * from student // cmd.CommandType = CommandType.Text; if (ps != null && ps.Length > 0) { // Add parameters to the collection of command objects cmd.Parameters.AddRange(ps); } con.Open(); SqlDataReader reader = cmd.ExecuteReader();//查询数据:ExecuteReader DataTable table = new DataTable(); table.Load(reader); reader.Close(); con.Close(); return table; } } public static object ExecuteSingle( string safeSql, SqlParameter[] ps) // Single object: ExecuteSingle { using (SqlConnection con = new SqlConnection(conString)) { SqlCommand cmd = new SqlCommand(safeSql, con); cmd.CommandType = CommandType.StoredProcedure; if (ps != null && ps.Length > 0) { cmd.Parameters.AddRange(ps); } con.Open(); object result = cmd.ExecuteScalar(); con.Close(); return result; } } public static int ExecuteInsertUpdateDelete(string safeSql, SqlParameter[] ps) { using (SqlConnection con = new SqlConnection(conString)) { SqlCommand cmd = new SqlCommand(safeSql, con); cmd.CommandType = CommandType.StoredProcedure; if (ps != null && ps.Length > 0) { cmd.Parameters.AddRange(ps); } con.Open(); int effectedRows = cmd.ExecuteNonQuery(); // Add, delete, modify: ExecuteNonQuery con.Close(); return effectedRows; } } } }