动态表名称和行 [英] dynamic table name and row
本文介绍了动态表名称和行的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
protected void Button2_Click(object sender, EventArgs e)//check the email
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["connection"].ConnectionString);
SqlCommand com = new SqlCommand();
con.Open();
com.Connection = con;
string cmd7 = "select count(*) '" + column + "' from '" + table + "' where '" + column + "' ='" + emailtxt.Value + "'";
SqlCommand cmd7x = new SqlCommand(cmd7, con);
int temp = Convert.ToInt32(cmd7x.ExecuteScalar());
if (temp == 1)
字符串(表和列)在部分类中定义...我如何使动态选择语句... thnx
推荐答案
试试这个:
Try this:
string cmd7 = "select count(*) " + column + " from " + table + " where " + column + " ='" + emailtxt.Value + "'";
--Amit
--Amit
如果你想使用列
,table
和电子邮件
构建动态查询,请参阅:
If you want to usecolumn
,table
and
protected void Button2_Click(object sender, EventArgs e)//check the email
{
string column = ColumnTxt.Text; //or "MyColumnName"
string table = TableTxt.Text; //or "MyTableName"
string email = EmailTxt.Text;
//...
//...
string cmd7 = "select count(*) " + column + " from " + table + " where " + column + " ='" + email + "'";
//or
//string cmd7 = "select count(*) MyColumnName from MyTableName where MyColumnName ='" + email + "'";
但这是个坏主意。请阅读 SQL注入 [ ^ ]。为避免sql注入,请编写存储过程 [ ^ ]检查是否电子邮件存在于您的数据库中。
将存储过程与命令一起使用[ ^ ]
在存储过程中构建动态SQL [ ^ ]
But this is bad idea. Please, read abuot SQL Injection[^]. To avoid sql injection write stored procedure[^] to check if email exists in your database.
Using Stored Procedures with a Command[^]
Building Dynamic SQL In a Stored Procedure[^]
这篇关于动态表名称和行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文