首先,我有一个存储过程
CREATE PROCEDURE AddSomething( @zonename varchar(50),@desc varchar(255),@TheNewId int OUTPUT ) AS BEGIN INSERT INTO a_zone(zonename,descr) VALUES(@zonename,@desc) SELECT @TheNewId = SCOPE_IDENTITY() END
如果我以这种方式添加参数有什么区别
sqlCommand Cmd = new sqlCommand("AddSomething",oConn); Cmd.CommandType = CommandType.StoredProcedure; sqlParameter oParam1 = Cmd.Parameters.AddWithValue("@zonename",sName); sqlParameter oParam2 = Cmd.Parameters.AddWithValue("@desc",description);
和
sqlCommand Cmd2 = new sqlCommand("AddSomething",oConn); Cmd2.CommandType = CommandType.StoredProcedure; cmd2.Parameters.Add("@zonename",sqlDbType.VarChar).Value = zonename.Text.Trim(); cmd2.Parameters.Add("@desc",sqlDbType.VarChar).Value = desc.Text.Trim();
请帮帮我
谢谢你的期待
解决方法
difference between command Add and AddWithValue
Dim cmd as new sqlCommand("SELECT * FROM MyTable WHERE MyDate>@TheDate",conn) cmd.Parameters.Add("@TheDate",sqlDbType.DateTime).Value="2/1/2007"
VS
cmd.Parameters.AddWithValue("@TheDate","2/1/2007")
“当进入参数时,Add强制从字符串到日期的转换.AddWithValue只是将字符串传递给sql Server.
When using
Parameters.Add– the S qlDbTypeis known at compile timeWhen using
Parameters.AddWithValuethe method has to Box and unBox the value to find out it’s type.Additional benefits of the former is that
Addis a bit more code safe
and will assist against sql injection attacks,code safe in terms
that if you try to pass a value that doesn’t match the sqldb type
defined – the error will be caught in .Net code and you will not have
to wait for the round trip back.
> http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx
> http://msdn.microsoft.com/en-us/library/yy6y35y8.aspx
编辑:
C#
cmd.Parameters.Add(new sqlParameter("@TheNewId",sqlDbType.Int,int.MaxValue)); cmd.Parameters("@TheNewId").Direction = ParameterDirection.Output; cmd.ExecuteNonQuery(); int theNewID = (int)cmd.Parameters("@TheNewId").Value;
VB.Net
cmd.Parameters.Add(New sqlParameter("@TheNewId",Int32.MaxValue)) cmd.Parameters("@TheNewId").Direction = ParameterDirection.Output cmd.ExecuteNonQuery() Dim theNewID As Int32 = DirectCast(cmd.Parameters("@TheNewId").Value,Int32)
