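For the following code, I do not know the list box items before execution, so I need a dynamic select query for the code below; I need a dynamic insert query for the following code.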
```csharp
string selectedTable = cmbImportItemList.Text;
string col1 = opLstCsl3.Items[0].ToString();
string col2 = opLstCsl3.Items[1].ToString();
string col3 = opLstCsl3.Items[2].ToString();
string col4 = opLstCsl3.Items[3].ToString();
string col5 = opLstCsl3.Items[4].ToString();
string col6 = opLstCsl3.Items[5].ToString();
string col7 = opLstCsl3.Items[6].ToString();
string col8 = opLstCsl3.Items[7].ToString();
//string[] coll = new string[100];
//string col9 = opLstCsl3.Items[8].ToString();
//'"+col1+"','"+col2+"','"+col3+"','"+col4+"'
using (SqlDataAdapter adater = new SqlDataAdapter("Select " + col1 + "," + col2 + "," + col3 + "," + col4 + "," + col5 + "," + col6 + "," + col7 + "," + col8 + " from " + selectedTable, new SqlConnection(Properties.Settings.Default.connectionstring2)))
{
    adater.Fill(dttt);
}
```
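You should always use [parameterized queries](http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/). This kind of string concatenation is open to [SQL injection](http://en.wikipedia.org/wiki/SQL_injection) attacks. – 2014-11-06 07:22:33
Using a stored procedure would be much easier! – 2014-11-06 07:23:20
Can you give me some guidance on writing the same query as a stored procedure? – 2014-11-06 07:26:19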
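
SQL Server accepts parameters only for values, not for column or table names, so a select with a dynamic column list has to check each name against the database's own metadata and bracket-quote it before concatenating. The following is an added example, not code from the original post or its commenters; `DynamicSelect`, `Quote`, `BuildSelect` and `Load` are hypothetical names, and it assumes SQL Server with the table name unique across schemas.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class DynamicSelect
{
    // Mirrors T-SQL QUOTENAME: wrap in brackets and double any closing bracket.
    static string Quote(string name) => "[" + name.Replace("]", "]]") + "]";

    // Accepts only names that exist in the database metadata for this table.
    public static string BuildSelect(SqlConnection conn, string table, IEnumerable<string> columns)
    {
        // Real column names, keyed case-insensitively (assumes a single schema).
        var known = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        using (var cmd = new SqlCommand(
            "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @t", conn))
        {
            // In this lookup the table name is a value, so it can be a parameter.
            cmd.Parameters.Add("@t", SqlDbType.NVarChar, 128).Value = table;
            using (var rdr = cmd.ExecuteReader())
                while (rdr.Read()) known[rdr.GetString(0)] = rdr.GetString(0);
        }
        if (known.Count == 0) throw new ArgumentException("Unknown table: " + table);

        var selected = new List<string>();
        foreach (var c in columns)
        {
            if (!known.TryGetValue(c, out var real))
                throw new ArgumentException("Unknown column: " + c);
            selected.Add(Quote(real)); // use the name as stored in the metadata
        }
        if (selected.Count == 0) throw new ArgumentException("No columns selected.");
        return "SELECT " + string.Join(", ", selected) + " FROM " + Quote(table);
    }

    // Works for any number of list box items, for example (needs System.Linq):
    // Load(cs, cmbImportItemList.Text, opLstCsl3.Items.Cast<object>().Select(i => i.ToString()))
    public static DataTable Load(string connectionString, string table, IEnumerable<string> columns)
    {
        var result = new DataTable();
        using (var conn = new SqlConnection(connectionString))
        {
            conn.Open();
            using (var adapter = new SqlDataAdapter(BuildSelect(conn, table, columns), conn))
                adapter.Fill(result);
        }
        return result;
    }
}
```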