C# 中用 Sqlparameter 的两种用法

create table abc(id int IDENTITY(1,1) NOT NULL,name nvarchar(100) ,sex nvarchar(10))insert into abc values(‘asf','男')insert into abc values(‘ai','女')

create procedure selbyid(@id int,@thename nvarchar(100) output)asselect @thename= name from abc where id=@id

public string connString = ConfigurationManager.ConnectionStrings["connStr"].ConnectionString;//存储链接字符串，方便资源复用。public SqlConnection getcon( ){SqlConnection conn = new SqlConnection();conn.ConnectionString = connString;return conn;}private void btnsqlparauseing_Click(object sender, EventArgs e){SqlConnection con = getcon();con.Open();string sqlstr = "insert into abc values(@name,@sex)"; //免除sql注入攻击SqlCommand cmd = new SqlCommand( );cmd.Connection = con;cmd.CommandText = sqlstr;SqlParameter para = new SqlParameter(); //声明参数para= new SqlParameter("@name", SqlDbType.NVarChar,100);//生成一个名字为@Id的参数,必须以@开头表示是添加的参数，并设置其类型长度，类型长度与数据库中对应字段相同，但是不能超出数据库字段大小的范围，否则报错。para.Value = txtname.Text.ToString().Trim(); //这个是输入参数，所以可以赋值。cmd.Parameters.Add(para);            //参数增加到cmd中。para = new SqlParameter("@sex", SqlDbType.NVarChar, 10);para.Value = txtsex.Text.ToString().Trim();cmd.Parameters.Add(para);int i =cmd.ExecuteNonQuery(); //执行sql语句，并且返回影响的行数。MessageBox.Show(i.ToString() + "命令完成行受影响插入成功", "提示",MessageBoxButtons.OK,MessageBoxIcon.Information);con.Close();}

private void btnshuchu_Click(object sender, EventArgs e){SqlConnection con = getcon();con.Open();SqlCommand cmd = new SqlCommand();cmd.Connection = con;cmd.CommandText = "selbyid"; //存储过程的名称cmd.CommandType = CommandType.StoredProcedure; //说明是存储过程SqlParameter para = new SqlParameter();     //声明sqlparameter参数para = new SqlParameter("@id", SqlDbType.Int); //这个参数是输入参数para.Value = int.Parse(txtid.Text.ToString().Trim()); //因为是输入参数所以可以赋值cmd.Parameters.Add(para); //加入cmd中para=new SqlParameter("@thename",SqlDbType.NVarChar,100);//参数的大小可以小于数据库的参数规定值，但不能够大于数据库的参数大小。cmd.Parameters.Add(para); //和下面一句不可掉乱，先增加再指明它是输出参数来的。cmd.Parameters["@thename"].Direction = ParameterDirection.Output; //增加后，用output说明是输出参数。int i=cmd.ExecuteNonQuery();string name = cmd.Parameters["@thename"].Value.ToString(); //经过执行，存储过程返回了输出参数。MessageBox.Show("命令完成 " + name + "是所查记录", "提示", MessageBoxButtons.OK, MessageBoxIcon.Information);con.Close();}

private void btnothers_Click(object sender, EventArgs e){SqlConnection con = getcon();SqlCommand cmd = new SqlCommand();cmd.Connection = con;cmd.CommandText = "selbyid";cmd.CommandType = CommandType.StoredProcedure;SqlParameter para = new SqlParameter();cmd.Parameters.AddWithValue("@id", Convert.ToInt32(txtid.Text.Trim()));//输入参数可以用addWithValue来格式化参数，但输出参数只能用Addcmd.Parameters.Add("@thename", SqlDbType.NVarChar,100).Direction = ParameterDirection.Output; //和下面一句不可顺序掉乱，否则会报错，先加入cmd中再指明它是输出参数来的。con.Open();int i = cmd.ExecuteNonQuery();string name = cmd.Parameters["@thename"].Value.ToString(); //输出参数返回一个数值。MessageBox.Show("命令完成 " + name + "是所查记录", "提示", MessageBoxButtons.OK, MessageBoxIcon.Information);con.Close();}

private void btnshuzu_Click(object sender, EventArgs e){SqlConnection con = getcon();SqlCommand cmd = new SqlCommand();cmd.Connection = con;cmd.CommandText = "selbyid";cmd.CommandType = CommandType.StoredProcedure;SqlParameter[] para = { new SqlParameter("@id", SqlDbType.Int)};para[0].Value = Convert.ToInt32(txtid.Text.ToString().Trim());cmd.Parameters.AddRange(para); //输入参数和输出参数分别加入到cmd.Parameter中。cmd.Parameters.Add("@thename",SqlDbType.NVarChar,100).Direction = ParameterDirection.Output; //和下面一句不可掉乱，先增加再指明它是输出参数来的。   con.Open();int i = cmd.ExecuteNonQuery();string name = cmd.Parameters["@thename"].Value.ToString();MessageBox.Show("命令完成 " + name + "是所查记录", "提示", MessageBoxButtons.OK, MessageBoxIcon.Information);con.Close();}