为什么我们在编写SQL查询之前编写@? [英] why do we write @ before writing a sql query ?
问题描述
我对在sql squeries中使用@时有一个疑问
虽然我们可以在参数化查询中使用@也是这样的 -
插入EMP(EmpName,Salary)值(@EmpName,@ Salary) - 我认为这里@用于userInput,但我不明白为什么@用于下面的代码???
i have a Doubt in mind about the use of @ in sql squeries
although we can use @ in parametrized query also like this --
insert into EMP (EmpName , Salary) values (@EmpName,@Salary) -- i think here @ is used for userInput ,but i dont get why @ is used in below code ???
string _Insert = @"insert into Details(fName,lName,DOB,City) Values('" + fName_Txt.Text + "','" + lName_Txt.Text + "','" +_Date.ToString() + "','" + City_Txt.Text + "')";
请帮助..谢谢提前
pls help ..thanks in advance
推荐答案
它是一个C#的东西 - 它意味着字面上解释字符串或''按原样''...也就是说
Its a C# thing - it means interpret the string literally or ''as is'' .. that is to say
String myFilePath1 = @"Drive:\Path\File.Ext";
不会导致错误 - \ P和\ F不会被解释,但是
Won''t cause an error - the "\P" and "\F" are not interpreted, but
String myFilePath2 = "Drive:\Path\File.Ext";
会导致错误,因为\ P和\ F无法识别/有效的转义序列 - 你必须使它成为
WILL cause an error because "\P" and "\F" are not recognised/a valid escape sequence - you have to make it
String myFilePath2 = "Drive:\\Path\\File.Ext";
没有''@' 'sign
''g''
without the ''@'' sign
''g''
@ sign代表SQL服务器中的变量
其范围仅限于使用它的批次。
所以,如果你是传递(@EmpName,@ Salary)到t他是sql,这意味着你是以参数的形式将一些变量传递给SQL。
@ sign stands for a variable in SQL server
Its scope is Limited to the batch in which it is used.
So if you are passing (@EmpName,@Salary) to the the sql, it means you are passing some variables to SQL in the form of parameters.
btw,最后,作为一个好的形式,我会参数化SQL语句并避免像这样构建它 - 你让自己开放''SQL注入'' - google it
短版本是如果某人有意进入''; drop table x cascade''(例如)并且被添加到SQL starement并执行了?
..只是说
''g''
btw, lastly, as a matter of good form, I''d parameterise the SQL statement and avoid building it like this - you leave yourself open to ''SQL Injection'' - google it
the short version is "what if someone deliberatly entered '';drop table x cascade'' (for example) and that was added into the SQL starement and executed ?"
.. just saying
''g''
这篇关于为什么我们在编写SQL查询之前编写@?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!