Parameterized LIKE (fuzzy) queries

The statement text SQL Server records for the parameterized query, with the parameter declaration in front, begins: (@str nvarchar(4000))select * from CMRC_Products where ModelName

The intuitive way to write it is:

    DataSet ds = SqlHelper.ExecuteDataSet(SqlHelper.Connstr,
        "select * from CMRC_Products where ModelName like '%@str%'", CommandType.Text,
        new SqlParameter("@str", str));

This is wrong. Inside the single-quoted literal, @str is just four characters of text, not a parameter reference. SqlClient still declares and sends the parameter (that is the nvarchar(4000) it infers for an unsized string), but SQL Server never reads its value: the query returns the rows whose ModelName contains the literal string "@str" (normally none), whatever the user typed.


The correct form keeps the parameter outside the quotes and puts the wildcards into the parameter value:

    DataSet ds = SqlHelper.ExecuteDataSet(SqlHelper.Connstr,
        "select * from CMRC_Products where ModelName like @str", CommandType.Text,
        new SqlParameter("@str", "%" + str + "%"));

One caveat: the search term is now a LIKE pattern, so % and _ (and, in T-SQL, [) typed by the user still act as wildcards. If that matters, escape them in the value and add an ESCAPE clause to the LIKE.
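The same mistake and fix, reproduced as an added example (not code from the original post) against an in-memory SQLite database with Python's sqlite3 module. The CMRC_Products rows are constructed for the demo, and the example goes one step beyond the post by also escaping LIKE wildcards in the search term. sqlite3 ignores dict keys that no placeholder uses, so the broken query behaves like the SqlClient case: it runs, the parameter value is never consulted, and it matches rows containing the literal placeholder text.

```python
import sqlite3

# Constructed sample rows standing in for CMRC_Products (not the blog's data).
# Row 6 deliberately contains the text ":str" so the broken query has something to hit.
SAMPLE_PRODUCTS = [
    (1, "Mustang GT"),
    (2, "Mustang 10%"),
    (3, "Mustang 100"),
    (4, "Civic_EX"),
    (5, "CivicXEX"),
    (6, "odd name :str"),
]


def make_db():
    """In-memory database holding the sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE CMRC_Products (ProductId INTEGER PRIMARY KEY, ModelName TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO CMRC_Products VALUES (?, ?)", SAMPLE_PRODUCTS)
    return conn


def ids(rows):
    return [r[0] for r in rows]


def search_wrong(conn, term):
    """The post's broken form. The placeholder sits inside a quoted literal, so the
    statement has zero parameters: the dict is never read and the LIKE pattern is
    the literal text '%:str%'. The result does not depend on term at all."""
    sql = "SELECT ProductId FROM CMRC_Products WHERE ModelName LIKE '%:str%' ORDER BY ProductId"
    return ids(conn.execute(sql, {"str": term}).fetchall())


def search_right(conn, term):
    """The post's fix: placeholder outside the quotes, wildcards in the bound value."""
    sql = "SELECT ProductId FROM CMRC_Products WHERE ModelName LIKE :pattern ORDER BY ProductId"
    return ids(conn.execute(sql, {"pattern": "%" + term + "%"}).fetchall())


LIKE_ESCAPE = "\\"


def escape_like(term, esc=LIKE_ESCAPE):
    """Neutralise LIKE metacharacters in user input. The escape character itself is
    doubled first. '[' is not special in SQLite but is in T-SQL, so it is escaped
    as well to keep the helper portable."""
    for ch in (esc, "%", "_", "["):
        term = term.replace(ch, esc + ch)
    return term


def search_escaped(conn, term):
    """Fix plus wildcard escaping: a term like '10%' now matches only a literal '10%'."""
    sql = (
        "SELECT ProductId FROM CMRC_Products "
        "WHERE ModelName LIKE :pattern ESCAPE '\\' ORDER BY ProductId"
    )
    return ids(conn.execute(sql, {"pattern": "%" + escape_like(term) + "%"}).fetchall())


if __name__ == "__main__":
    db = make_db()
    for term in ("Mustang", "10%", "Civic_EX"):
        print(term, search_wrong(db, term), search_right(db, term), search_escaped(db, term))
```

Run it and compare the three columns: the broken query returns row 6 for every term, the fixed query treats "10%" and "Civic_EX" as patterns (matching "Mustang 100" and "CivicXEX" too), and the escaped query matches only the literal model names. In T-SQL the escaped variant is `like @str escape '\'` with the same value preparation.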

posted @ 2017-11-14 19:41  -小打小闹小幸福ζ