Parameterizing LIKE and IN queries in SQL Server SQL statements (C#)

Original: Parameterizing LIKE and IN queries in SQL Server SQL statements (C#)

LIKE and IN conditions in a SQL statement cannot be parameterized in the usual way.

The approach we usually think of first is:

LIKE parameterized query:
string sqlstmt = "select * from users where user_name like '%@word%' or mobile like '%@word%'";
SqlParameter[] Parameters=new SqlParameter[1];
Parameters[0] = new SqlParameter("@word", "123");

IN parameterized query:
string sqlstmt = "select * from users where user_id in (@user_ids)";
SqlParameter[] Parameters = new SqlParameter[1];
Parameters[0] = new SqlParameter("@user_ids", "1001,1002,1006");
However, code written this way does not work: even if no error is raised, the query returns no results.

The correct solution is as follows:

LIKE parameter:
string sqlstmt = "select * from users where user_name like '%'+ @word + '%' or mobile like '%'+ @word + '%'";
SqlParameter[] Parameters=new SqlParameter[1];
Parameters[0] = new SqlParameter("@word", "123");

IN parameter:
string sqlstmt = "exec('select * from users where user_id in ('+@user_ids+')')";
SqlParameter[] Parameters = new SqlParameter[1];
Parameters[0] = new SqlParameter("@user_ids", "1001,1002,1006");

How it works:
Parameterized SQL queries can be tested directly in the SQL IDE (Microsoft SQL Server Management Studio).
Open Microsoft SQL Server Management Studio, create a new query, and enter the following commands in the query window:


-- LIKE parameterized query command
DECLARE @word VARCHAR(255);
SET @word = '123';
SELECT * FROM users WHERE user_name LIKE '%' + @word + '%' OR mobile LIKE '%' + @word + '%';
This is equivalent to the parameterized LIKE query command.

Similarly, the following is the command for the parameterized IN query:
DECLARE @user_ids VARCHAR(255);
SET @user_ids = '1001,1002,1006';
EXEC('SELECT * FROM users WHERE user_id IN (' + @user_ids + ')');
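
The exec() form above concatenates the value of @user_ids into the statement text that SQL Server then runs, so the list is parsed as SQL rather than bound as data. The following added example (not code from the original article) keeps every ID a real parameter by generating one placeholder per value; the names UserQueries, BuildInQuery and ParseIds are hypothetical, and user_id is assumed to be an int column.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;

public static class UserQueries
{
    // Hypothetical helper (added example): one typed parameter per value, so no
    // caller-supplied text becomes SQL. Assumes user_id is an int column.
    public static SqlCommand BuildInQuery(SqlConnection conn, IReadOnlyList<int> userIds)
    {
        if (userIds == null || userIds.Count == 0)
            throw new ArgumentException("At least one user id is required.", nameof(userIds));
        // SQL Server accepts at most 2100 parameters per command.
        if (userIds.Count > 2000)
            throw new ArgumentException("Too many ids; batch the lookup.", nameof(userIds));
        var names = userIds.Select((_, i) => "@id" + i).ToArray();
        var cmd = new SqlCommand(
            "select * from users where user_id in (" + string.Join(", ", names) + ")", conn);
        for (int i = 0; i < userIds.Count; i++)
            cmd.Parameters.Add(names[i], SqlDbType.Int).Value = userIds[i];
        return cmd;
    }

    // Parses the article's "1001,1002,1006" style string; anything that is not
    // an integer is rejected instead of being passed on to the database.
    public static List<int> ParseIds(string csv)
    {
        var ids = new List<int>();
        foreach (var part in csv.Split(','))
        {
            if (!int.TryParse(part.Trim(), out int id))
                throw new FormatException("Not an integer id: " + part);
            ids.Add(id);
        }
        return ids;
    }

    public static void Main()
    {
        // Constructed sample input; no connection is opened, only the generated SQL is shown.
        using (var cmd = BuildInQuery(null, ParseIds("1001, 1002 , 1006")))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " = " + p.Value);
        }
    }
}
```

To run the query, pass an open SqlConnection instead of null and call ExecuteReader on the returned command.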

Reference article:
http://blog.csdn.net/changhong009/article/details/7396005

Notice: This article is licensed under the Attribution-NonCommercial-ShareAlike (CC BY-NC-SA 3.0 CN) license; please credit the author and source.
Article title: Parameterizing LIKE and IN queries in SQL Server SQL statements (C#)
Article link: http://www.cnblogs.com/sochishun/p/7001961.html
Author: SoChishun (email: 14507247 # qq .com | blog: http://www.cnblogs.com/sochishun/ )
Publication date: June 13, 2017

Origin www.cnblogs.com/lonelyxmas/p/11075984.html