Can you use named parameters in an OdbcCommand?

I have a query like this:
string command = @"SELECT COUNT(*) as cnt,
(
SELECT COUNT(*) FROM attend
WHERE (DATEPART(WEEKDAY,start_date) = 2 OR DATEPART(WEEKDAY,start_date) = 6)
AND empl_no = ? and pay_code = '051'
AND start_date BETWEEN ? AND ?
) as frimon
FROM attend as a
WHERE empl_no = ? and pay_code = '051'";
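The only way I can figure out to specify a parameter is with a ? (as opposed to using the @name method with a SqlCommand). This forces me to specify the same parameter (like empl_no) multiple times. Is there a way to use named parameters with OdbcCommands, so I can specify a named parameter only once?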
Be careful, when rolling your own code to replace named parameters, not to introduce potential SQL injection attacks: http://en.wikipedia.org/wiki/Sql_injection – 2011-03-04 06:09:15
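
An added example, not part of the original question or comment: one way to write the query above with each @name once and convert it to the positional ? markers, binding every value as an OdbcParameter so that no value is ever spliced into the SQL text. The OdbcNamed class, its Build method and the sample values are hypothetical; it assumes System.Data.Odbc is available (built into .NET Framework, a NuGet package on .NET Core and later).

```csharp
using System;
using System.Collections.Generic;
using System.Data.Odbc;
using System.Text.RegularExpressions;

static class OdbcNamed // hypothetical helper, not a System.Data.Odbc API
{
    // Alternatives are tried in order: a quoted literal (with '' escapes), a system
    // variable such as @@ROWCOUNT, then an @name token. Only @name is rewritten, so
    // an '@' inside a literal is left alone. SQL comments are not parsed.
    static readonly Regex Token = new Regex(@"'(?:[^']|'')*'|@@\w+|@(?<name>[A-Za-z_]\w*)");

    // Replaces each @name with ? and adds one parameter per occurrence, in the
    // left-to-right order ODBC expects. Values are only bound, never concatenated.
    public static OdbcCommand Build(string sql, IDictionary<string, object> values)
    {
        var cmd = new OdbcCommand(); // caller sets cmd.Connection before executing
        cmd.CommandText = Token.Replace(sql, m =>
        {
            Group name = m.Groups["name"];
            if (!name.Success) return m.Value; // literal or @@variable: unchanged
            if (!values.TryGetValue(name.Value, out object value))
                throw new ArgumentException("No value supplied for @" + name.Value);
            cmd.Parameters.AddWithValue("@" + name.Value, value ?? DBNull.Value);
            return "?";
        });
        return cmd;
    }
}

static class Demo
{
    static void Main()
    {
        string sql = @"SELECT COUNT(*) as cnt,
(
SELECT COUNT(*) FROM attend
WHERE (DATEPART(WEEKDAY,start_date) = 2 OR DATEPART(WEEKDAY,start_date) = 6)
AND empl_no = @empl_no and pay_code = '051'
AND start_date BETWEEN @from AND @to
) as frimon
FROM attend as a
WHERE empl_no = @empl_no and pay_code = '051'";
        var values = new Dictionary<string, object> { // constructed sample values
            { "empl_no", "12345" }, { "from", new DateTime(2011, 1, 1) }, { "to", new DateTime(2011, 3, 1) } };
        OdbcCommand cmd = OdbcNamed.Build(sql, values);
        Console.WriteLine(cmd.CommandText);
        foreach (OdbcParameter p in cmd.Parameters) Console.WriteLine(p.ParameterName + " = " + p.Value);
    }
}
```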