以下是我的代码。我想'int'类型函数将返回'int'value.Query在此代码中返回一个'int'值,但在此代码中返回值是什么?我不能在这里写return get_number。那我该怎么办?
我的代码:
public int CheckMatch(CourseSchedule courseInfo)
{
try
{
ConnectionObj.Open();
string get_number = "SELECT count(c_t_id) FROM course_teacher_table WHERE room_number = '" + courseInfo.RoomNumber + "' and class_days = '" + courseInfo.Days + "' and class_time = '" + courseInfo.ClassTime + "'";
CommandObj.CommandText = get_number;
CommandObj.ExecuteNonQuery();
return '???'
}
catch (Exception ex)
{
throw ex;
}
finally
{
if (ConnectionObj != null && ConnectionObj.State == ConnectionState.Open)
{
ConnectionObj.Close();
}
}
}
答案 0 :(得分:6)
而不是CommandObj.ExecuteNonQuery();,您可以这样做:
return Convert.ToInt32(CommandObj.ExecuteScalar());
您应该仅在更新或插入语句时使用ExecuteNonQuery()。对于返回单个结果的查询,您可以调用返回ExecuteScalar()的{{1}},您可以转换为object。
旁注。我没有看到你对参数进行总结。别这样做。否则,它很容易进行sql注入。
您必须使用参数化查询。
答案 1 :(得分:2)
除了从查询中获取数字之外,该代码还存在几个重要问题。下面的代码纠正了大部分内容:
public int CheckMatch(CourseSchedule courseInfo)
{
string get_number =
"SELECT count(c_t_id) " +
" FROM course_teacher_table" +
" WHERE room_number = @Room AND class_days = @Days AND class_time = @Time";
//.Net works best when you create a brand new connection object for most queries
using (var cn As New SqlConnection("connection string here"))
using (var cmd As New SqlCommand(get_number, cn))
{
//I'm guessing at sql column types here. Use the actual column types from the DB.
cmd.Parameters.Add("@Room", SqlDbType.NVarChar, 5).Value = courseInfo.RoomNumber;
cmd.Parameters.Add("@Days", SqlDbType.Int).Value = courseInfo.Days;
cmd.Parameters.Add("@Time", SqlDbType.NVarChar, 20).Value = courseInfo.ClassTime;
cn.Open();
return Convert.ToInt32(cmd.ExecuteScalar());
}
}