ADO.NET中DataSet和SqlDataReader的区别
时间:2022-03-13 22:50
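// Teaching sample: a parameterized query whose rows are read one at a time
// through a forward-only SqlDataReader.
//
// NOTE(review): the connection string embeds the sa login and a trivial
// password in source. Outside a throwaway demo, keep the connection string in
// protected configuration and connect with a least-privilege login that can
// only read the tables this query needs.

// Validate the age box before touching the database. Convert.ToInt32 would
// throw FormatException/OverflowException on non-numeric or out-of-range text.
int minAge;
if (!int.TryParse(txtAGe.Text, out minAge))
{
    MessageBox.Show("Age must be a whole number.");
}
else
{
    using (SqlConnection conn = new SqlConnection("Data Source=.; Initial Catalog=MyTest;User ID=sa;Password=123456"))
    {
        conn.Open();
        using (SqlCommand cmd = conn.CreateCommand())
        {
            // Typing 1' or '1'='1 into the name box would turn the concatenated
            // query below into a SQL injection, because the text becomes part of
            // the SQL statement itself:
            // cmd.CommandText = "select age from T_STudent where Name='"+txtName.Text+"'";

            // Parameterized form: the values travel separately from the SQL text,
            // so the server never parses them as SQL.
            cmd.CommandText = "select age from T_Student where Name=@Name or Age>@aaa";
            cmd.Parameters.Add(new SqlParameter("@Name", txtName.Text));
            cmd.Parameters.Add(new SqlParameter("@aaa", minAge));

            // Parameters work the same way in other statements:
            //   insert into .... values(@Name,@Age)
            //   delete .... where Id=@HahahId
            //   update t1 set Age=@myage
            //
            // An @parameter cannot stand in for a table name, a column name, or a
            // keyword such as select. This does NOT work:
            //   cmd.CommandText = "select age from @TableName";
            //   cmd.Parameters.Add(new SqlParameter("@TableName", "T_Student"));
            // If an identifier really must vary, pick it from a fixed allow-list
            // in code; never concatenate user text into the statement.
            //
            // Beginner mistake to avoid: passing the TextBox control instead of its Text:
            //   cmd.Parameters.Add(new SqlParameter("@Name", txtName));

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    // GetInt32 returns int; GetInt64 returns long (bigint in the database).
                    // GetInt32 throws if the column value is NULL. Presumably Age is
                    // NOT NULL in T_Student; verify against the schema.
                    int age = reader.GetInt32(0);
                    MessageBox.Show(age.ToString());
                }
            }
        }
    }
}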
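// Teaching sample: run a parameterized query and load the complete result set
// into an in-memory DataSet, then walk its rows.
//
// NOTE(review): the connection string embeds the sa login and a trivial
// password in source. Outside a throwaway demo, keep the connection string in
// protected configuration and connect with a least-privilege login.
using (SqlConnection conn = new SqlConnection("Data Source=.; Initial Catalog=MyTest;User ID=sa;Password=123456"))
{
    conn.Open();
    using (SqlCommand cmd = conn.CreateCommand())
    {
        cmd.CommandText = "select * from T_Student where Age<@aaa";
        cmd.Parameters.Add(new SqlParameter("@aaa", 60));

        // Instead of cmd.ExecuteReader(...): SqlDataAdapter is a class that fills
        // a DataSet with the result of a SqlCommand query.
        // Both the adapter and the DataSet are IDisposable, so scope them with using.
        using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
        // A DataSet is roughly a complex local collection (compare List<int>).
        using (DataSet dataset = new DataSet())
        {
            // Executes cmd and copies the query result into the DataSet.
            adapter.Fill(dataset);

            DataTable table = dataset.Tables[0];
            foreach (DataRow row in table.Rows)
            {
                // Rows with a NULL Age never match "Age<@aaa", so this cast is safe.
                int age = (int)row["Age"];
                // This cast throws InvalidCastException on DBNull. Presumably Name
                // is NOT NULL in T_Student; verify against the schema.
                string name = (string)row["Name"];
                MessageBox.Show(name + "," + age);
            }
        }
    }
}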