Question

我正在尝试在SELECT sql语句中检索cookie值，这是我的代码

      SELECT orders.order_id, orders.order_date, orders.payment_type, 
    orders.cardnumber, packages.Package_name, orders.package_id,
 packages.package_price 
    FROM orders INNER JOIN packages ON orders.package_id = packages.Package_ID 
    WHERE (orders.username = '**value here**')

我需要在orders.username = '**value here**'

中检索Cookie的值

我的Cookie是：Request.Cookies["Username"].Value

Answer 1

使用参数化查询，其中cookie的值是传入的参数。

string sql = "SELECT orders.order_id, 
                orders.order_date, 
                orders.payment_type, 
                orders.cardnumber, 
                packages.Package_name, 
                orders.package_id, 
                packages.package_price 
              FROM orders INNER JOIN packages ON orders.package_id = packages.Package_ID 
              WHERE (orders.username = @UserName)"

using (SqlConnection connection = new SqlConnection(connectionString))
{
    SqlCommand command = new SqlCommand(sql, connection);
    command.Parameters.Add("@ID", SqlDbType.VarChar, 200);
    ...
}

Answer 2

您应该使用参数化的SQL语句，与SQL本身分开指定参数值。

SqlCommand.Parameters的文档举例说明。

从SELECT语句中的cookie获取值

2 个答案: