Parameterizing a query with a fixed set of parameters is relatively easy; a dynamic set of parameters is a little trickier. Here I sort out a problem I ran into at work and share it along with the code.
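// Builds the optional WHERE filters and their parameters side by side.
// Only fixed SQL text is appended to `sql`; every caller-supplied value travels
// as a SqlParameter, so it is never parsed as part of the statement.
// NOTE(review): each fragment starts with " and", so `sql` presumably already
// contains a WHERE clause at this point - confirm against the caller.

// Key point: the number of filters is not known in advance, so collect the
// parameters in a List and convert it to an array once, at the end.
List<SqlParameter> sqlParameterList = new List<SqlParameter>();

if (!string.IsNullOrEmpty(cpId))
{
    sql += " and a.cpId =@cpId";
    sqlParameterList.Add(new SqlParameter
    {
        ParameterName = "@cpId",
        Value = cpId,
        SqlDbType = SqlDbType.VarChar,
        // Size caps what is sent to the server: longer input is truncated, not rejected.
        Size = 20
    });
}

if (!string.IsNullOrEmpty(cpName))
{
    // The wildcards are concatenated in SQL rather than into the parameter value.
    // With Size = 20, a value of "%" + cpName + "%" longer than 20 characters was
    // truncated and lost its trailing '%', silently changing the match.
    // NOTE(review): '%', '_' and '[' inside cpName are still interpreted by LIKE;
    // escape them first if a literal substring match is required.
    sql += " and b.name like '%' + @cpName + '%'";
    sqlParameterList.Add(new SqlParameter
    {
        ParameterName = "@cpName",
        Value = cpName,
        SqlDbType = SqlDbType.VarChar,
        Size = 20
    });
}

if (!string.IsNullOrEmpty(status))
{
    sql += " and b.status = @status";
    // `status` is passed as a string but declared as Int, so the provider converts
    // it when the command runs; a non-numeric value fails there, not here.
    // Size is omitted because it is ignored for fixed-length types such as Int.
    sqlParameterList.Add(new SqlParameter
    {
        ParameterName = "@status",
        Value = status,
        SqlDbType = SqlDbType.Int
    });
}

// Any ORDER BY must be appended here, after all optional filters.
//sql += " order by createdatetime desc ";

// Array form of the collected parameters; empty when no filter was supplied.
SqlParameter[] param = sqlParameterList.ToArray();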
In the end, just use `param` as the parameter array when executing the query.