sql 的数据类型
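/// <summary>
/// Inserts a new row into [B2B_Agent] for <paramref name="agent"/> inside a
/// transaction and returns the stored record.
/// </summary>
/// <remarks>
/// The AgentId is generated here with <see cref="Guid.NewGuid"/>. [Code] and
/// [Introducer] are written as empty strings and [RegisterDate] is filled in
/// by getdate() on the server. Every value taken from <paramref name="agent"/>
/// is bound through a typed Set* call; none of it is concatenated into the
/// statement text, so input such as "1 or 1=1" is stored or compared as data.
/// </remarks>
/// <param name="agent">Source of the column values; must not be null.</param>
/// <returns>
/// The agent as re-read by GetAgentById, or null when the INSERT throws or
/// reports no affected rows (the transaction is rolled back in both cases).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="agent"/> is null.</exception>
public static Agent CreateAgent(Agent agent)
{
    // Reject a null argument before a connection or transaction is opened.
    if (agent == null)
    {
        throw new ArgumentNullException("agent");
    }

    Guid agentId = Guid.NewGuid();

    // 22 columns: 19 bound placeholders plus the literals '', getdate(), ''.
    // The placeholder count must stay equal to the number of Set* calls below.
    string sql = "INSERT INTO [B2B_Agent]( "
        + " [AgentId], [Code], [Type], [Level], "
        + " [CompanyName], [CompanyNameShort], [ProvinceCode], [CityCode], "
        + " [Address], [PostCode], [Linkman], [Email], [Tel], "
        + " [MobileTel], [Msn], [QQ], [IsProvider], [IsPurchaser], [State], [RegisterDate], [Introducer], [CommisionMode]) "
        + " VALUES( "
        + " ?, '', ?, ?, "
        + " ?, ?, ?, ?, "
        + " ?, ?, ?, ?, ?, "
        + " ?, ?, ?, ?, ?, ?, getdate(), '', ?) ";

    IConnection cnn = ConnectionManager.GetConnection();
    cnn.Open();
    try
    {
        ITransaction trans = cnn.BeginTransaction();
        bool committed = false;
        try
        {
            ICommand cmd = cnn.CreateCommand(sql);
            cmd.Transaction = trans;

            // Positional binding: the order must follow the "?" order in the statement.
            int i = 0;
            cmd.SetGuid(i++, agentId);
            cmd.SetInt(i++, agent.Type);
            cmd.SetInt(i++, agent.Level);
            cmd.SetNVarChar(i++, agent.CompanyName);
            cmd.SetNVarChar(i++, agent.CompanyNameShort);
            cmd.SetInt(i++, agent.ProvinceCode);
            cmd.SetInt(i++, agent.CityCode);
            cmd.SetNVarChar(i++, agent.Address);
            cmd.SetVarChar(i++, agent.PostCode);
            cmd.SetNVarChar(i++, agent.Linkman);
            cmd.SetVarChar(i++, agent.Email);
            cmd.SetVarChar(i++, agent.Tel);
            cmd.SetVarChar(i++, agent.MobileTel);
            cmd.SetVarChar(i++, agent.Msn);
            cmd.SetVarChar(i++, agent.QQ);
            cmd.SetBit(i++, agent.IsProvider);
            cmd.SetBit(i++, agent.IsPurchaser);
            cmd.SetInt(i++, agent.State);
            cmd.SetInt(i++, agent.CommisionMode);

            int affectedRows;
            try
            {
                affectedRows = cmd.ExecuteNonQuery();
            }
            catch (Exception)
            {
                // Existing contract: a failed INSERT is reported as null.
                // NOTE(review): the cause is discarded here; log it if a logger is available.
                return null;
            }

            if (affectedRows <= 0)
            {
                return null;
            }

            trans.Commit();
            committed = true;
        }
        finally
        {
            // Covers the null-returning paths and any exception raised while binding or committing.
            if (!committed)
            {
                trans.Rollback();
            }
        }
    }
    finally
    {
        // The connection is released on every path, including exceptions.
        cnn.Close();
    }

    // Re-read after the connection is closed, as before.
    return GetAgentById(agentId);
}
// The "?" placeholders are there to prevent encoding confusion, i.e. a bound
// value being read as part of the statement. Compare a statement built by
// concatenating the input "1 or 1=1", which matches every row:
//   delete table1 where a=1 or 1=1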
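-- Parameterized form: the whole string is assigned to @A as a single value,
-- so the "or 1=1" text is compared as data and is never parsed as a predicate.
-- An explicit length is needed: in T-SQL a bare varchar in DECLARE is one
-- character long and would silently truncate the value to '1'.
-- NOTE(review): if column a is numeric, the comparison raises a conversion
-- error instead of matching rows; confirm against the table definition.
declare @A varchar(20)
set @A = '1 or 1=1'
delete table1 where a = @A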
轉載于:https://www.cnblogs.com/liufei88866/archive/2007/11/20/966018.html