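I am trying to create a statement that checks data from a FoxPro database against a string in C#. However, I can't seem to get it to work. Would using a parameterized query here help me achieve what I am trying to do?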
    string PROPCODE = "IMPORT_" + ID;
    string leadtenant = clcodet;
    using (OleDbCommand tenantpopulation = new OleDbCommand(@"SELECT
        CLCODE,
        CLCODEDESC
        FROM CLIENT WHERE PROPCODET = " + PROPCODE, importConnection))
    {
        string tenants = "";
        if (@"CLCODE" = leadtenant)
        {
            if (tenants != String.Empty)
            {
                //do something
            }
        }
    }
To clarify, I want to check whether the CLCODE returned by tenantpopulation matches the leadtenant defined elsewhere in the code.
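Answer 0: (score: 2)
Others have already noted that using parameters is the way to go (not only in VFP but in any SQL database). They are not only there to prevent SQL injection attacks; with parameters the driver also takes care of converting values to the correct string, adding/removing brackets, quotes, and so on.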
    string PROPCODE = "IMPORT_" + ID;
    string leadtenant = clcodet;
    using (OleDbCommand tenantpopulation = new OleDbCommand(@"SELECT
        CLCODE
        FROM CLIENT WHERE PROPCODET = ?", importConnection))
    {
        tenantpopulation.Parameters.AddWithValue("p", PROPCODE);
        // rest of code seems to be meaningless
        // and I didn't see any code where you run your query
        // depending on your requirement, I assume PROPCODET is a primary key?
        // if so, then to do the check you only need to return the CLCODE
        // with ExecuteScalar:
        importConnection.Open();
        var clcode = (string)tenantpopulation.ExecuteScalar();
        importConnection.Close();
        string tenants = "";
        // in C# equality check is done with == NOT = (assignment)
        if (clcode == leadtenant)
        {
            // tenants is always String.Empty here
            if (tenants != String.Empty)
            {
                //do something
            }
        }
    }
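PS: Have you ever thought about using Tom Brothers' LinqToVFP from codeplex? With Linq, you don't need to know much about these SQL dialects; you work with object queries (and IntelliSense) instead.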
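
The lookup discussed above, as an added example that is not part of the original question or answer: it contrasts the statement text that concatenation produces with a positional-parameter query, and handles the "no row" and padded-field cases. The names `TenantLookup`, `ConcatenatedSql` and `IsLeadTenant`, the connection string and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Data.OleDb;

static class TenantLookup
{
    // Text produced by the question's concatenation: the value arrives unquoted,
    // so it is parsed as a name rather than a string literal, and anything the
    // caller puts in id becomes part of the statement itself.
    public static string ConcatenatedSql(string id) =>
        "SELECT CLCODE FROM CLIENT WHERE PROPCODET = " + "IMPORT_" + id;

    // Parameterized form: the statement text is constant and the value travels
    // separately. OleDb binds "?" markers by position; the parameter name is ignored.
    public static bool IsLeadTenant(OleDbConnection conn, string id, string leadTenant)
    {
        const string sql = "SELECT CLCODE FROM CLIENT WHERE PROPCODET = ?";
        using (var cmd = new OleDbCommand(sql, conn))
        {
            // Explicit type instead of relying on AddWithValue's inference.
            cmd.Parameters.Add("propcode", OleDbType.VarChar).Value = "IMPORT_" + id;

            object result = cmd.ExecuteScalar();   // null when no row matches
            if (result == null || result == DBNull.Value || leadTenant == null)
                return false;

            // Assumption: CLCODE is a fixed-width character field, which comes
            // back padded with trailing spaces, so trim before comparing.
            string clcode = Convert.ToString(result).TrimEnd();
            return string.Equals(clcode, leadTenant.Trim(), StringComparison.Ordinal);
        }
    }

    static void Main()
    {
        // Constructed input: shows what ends up in the statement text.
        Console.WriteLine(ConcatenatedSql("42"));

        // Placeholder connection string; point Data Source at a real data folder.
        using (var conn = new OleDbConnection(@"Provider=VFPOLEDB.1;Data Source=C:\data\"))
        {
            conn.Open();
            Console.WriteLine(IsLeadTenant(conn, "42", "ABC001"));
        }
    }
}
```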