5

我想将 select 语句的结果值检索到字符串变量中。像这样:

OleDbCommand cmd1 = new OleDbCommand();
cmd1.Connection = GetConnection();
cmd1.CommandText = "SELECT treatment FROM appointment WHERE patientid = " + text;
cmd1.ExecuteNonQuery();

我想将选定的治疗值放入字符串变量中。我怎样才能做到这一点?

4

7 回答 7

21

ExecuteReader()而不用ExecuteNonQuery()ExecuteNonQuery()仅返回受影响的行数。

try
{
    SqlDataReader dr = cmd1.ExecuteReader();
}
catch (SqlException oError)
{

}
while(dr.Read())
{
    string treatment = dr[0].ToString();
}

或者更好的是,为它使用一个using声明

using(SqlDataReader dr = cmd1.ExecuteReader())
{
    while(dr.Read())
    {
        string treatment = dr[0].ToString();
    }
}

但是,如果您SqlCommand只返回1列,则可以使用该ExecuteScalar()方法。它返回第一行的第一列,如下所示: -

cmd.CommandText = "SELECT treatment FROM appointment WHERE patientid = " + text;
string str = Convert.ToString(cmd.ExecuteScalar());

您也可以将代码打开到SQL Injection。始终使用参数化查询。Jeff 有一篇很酷的博客文章,名为Give me parameterized SQL, or give me death。请仔细阅读。另请阅读DotNetPerl SqlParameter文章。当您进行查询时,SQL 注入非常重要。

于 2012-12-26T13:30:58.120 回答
4

执行标量:从数据库方法获取单个值以从数据库中检索单个值(例如,聚合值)。

cmd1.Connection = GetConnection();
cmd1.CommandText = "SELECT treatment FROM appointment WHERE patientid = " + text;
if(cmd.ExecuteScalar()==null)
{
    var treatment = cmd.ExecuteScalar();
}

其他方式:ExecuteReader()

try
{
    cmd1.CommandText ="SELECT treatment FROM appointment WHERE patientid=@patientID";
    cmd1.Parameters.AddWithValue("@patientID", this.DropDownList1.SelectedValue);

    conn.Open();
    SqlDataReader dr = cmd1.ExecuteReader();
    while (dr.Read())
    {
        int PatientID = int.Parse(dr["treatment"]);
    }
    reader.Close();
    ((IDisposable)reader).Dispose();//always good idea to do proper cleanup
}
catch (Exception exc)
{
    Response.Write(exc.ToString());
}
于 2012-12-26T13:36:13.473 回答
1

答案: 

String res = cmd1.ExecuteScalar();

备注:使用参数化查询防止sql注入

于 2012-12-26T13:31:49.197 回答
0

您只需要使用命令的 ExecuteScalar 方法 - 这将为您提供结果集第一行和第一列的值。

OleDbCommand cmd1 = new OleDbCommand();
cmd1.Connection = GetConnection();
cmd1.CommandText = "SELECT treatment FROM appointment WHERE patientid = " + text;
var result = cmd1.ExecuteScalar();

如果您的 SQL 语句返回多于一行/一列,那么您可以使用 ExecuteReader()。

于 2012-12-26T13:31:47.633 回答
0

您需要使用 OleDbAdapter。

string connection = "your connection";
string query = "SELECT treatment FROM appointment WHERE patientid = " + text;
OleDbConnection conn = new OleDbConnection(connection);
OleDbDataAdapter adapter = new OleDbDataAdapter();
adapter.SelectCommand = new OleDbCommand(query, conn);
adapter.Fill(dataset);
于 2012-12-26T13:35:50.483 回答
0

您的示例代码有很多问题。

  1. 你有内联 sql,它以一种主要的方式为你打开了 sql 注入的大门。

  2. 您正在使用 ExecuteNonQuery() 这意味着您没有得到任何数据。

     string sSQL = "SELECT treatment FROM appointment WHERE patientid = @patientId";
 OleDbCommand cmd1 = new OleDbCommand(sSQL, GetConnection()); // This may be slight different based on what `GetConnectionReturns`, just put the connection string in the second parameter.


    cmd1.Parameters.AddWithValue("@patientId", text);
    SqlDataReader reader = cmd1.ExecuteReader();
    string returnValue;
    while(reader.Read())
    {
       returnValue = reader[0].ToString();
    }
于 2012-12-26T13:36:26.460 回答
0 
SqlConnection dbConnect = new SqlConnection("your SQL connection string");    
string name = " 'ProjectName' ";
string strPrj = "Select e.type, (e.surname +' '+ e.name) as fulln from dbo.tblEmployees e where id_prj = " + name;
        SqlCommand sqlcmd = new SqlCommand(strPrj, dbConnect);
        SqlDataAdapter sda = new SqlDataAdapter(strPrj, dbConnect);
        ds = new DataSet();
        sda.Fill(ds);
        dbConnect.Open();
        sqlcmd.ExecuteNonQuery();
        dbConnect.Close();
于 2014-10-27T07:33:21.717 回答