如何将存储过程与参数一起作为字符串传递给函数?将存储过程作为字符串传递
我想这个代码,但没有运气..
这是业务访问层的代码
try
{
string Query_string = "SP_InsertOffer_Tab @offer_name ='" + this.offer_name +"', @offer_price = " + this.offer_price + ",@start_date = '" + this.start_date +
"',@end_date = '" + this.end_date + "'";
int result = DbAcess.Insert_Query(Query_string);
return result;
}
catch (Exception ex)
{
throw ex;
}
finally
{
DbAcess = null;
}
数据库层的代码是相反如下
public int Insert_Query(string strSQL)
{
SqlConnection con = new SqlConnection();
con = OpenConnection();
try
{
sqlcmd = new SqlCommand();
sqlcmd.Connection = con;
sqlcmd.CommandType = CommandType.StoredProcedure;
sqlcmd.CommandText = strSQL;
int Result = sqlcmd.ExecuteNonQuery();
return Result;
}
catch (Exception ex)
{
throw ex;
}
finally
{
con.Close();
}
}
那么,什么是例外? – 2013-03-13 19:53:16
不要这样做:catch(Exception ex){throw ex; }'。 – Oded 2013-03-13 19:54:09
请阅读[SQL注入](http://en.wikipedia.org/wiki/SQL_injection) - SQL的字符串连接不好。 – Oded 2013-03-13 19:54:47