like:
... SqlCommand cmd = new SqlComand(); cmd.CommandText = "select * from tblUsers where UserName like @Name + '%'"; cmd.Parameters.Add("@Name",txtNAME.Text.Trim()); ...
in:(要把每個條件各自獨立一個Parameter)
... SqlCommand cmd = new SqlComand(); StringBuilder tempSql = new StringBuilder(); string[] aryName = "Tim,John,Ken".Split(","); for (int I = 0 ; I < aryName.Length ; I++) { if (tempSql.ToString() != "") tempSql.Append(","); tempSql.Append("@Name" + I.ToString()); cmd.Parameters.Add("@Name" + I.ToString(), aryName[I]); } cmd.CommandText = string.Format("select * from tblUsers where UserName in ({0})", tempSql.ToString()); ...
沒有留言:
張貼留言