我想重构一些这样的代码:
dSQL = "INSERT INTO inventory ( id, pksize, Description, supplier_id, UnitCost, UnitList," +
" Qty, UPC, dept, subdept, upc_pack_size, supplier_item, bqu_id)" +
" VALUES" + "('" + id +"'" + ", " +
pksize + ",'" + desc +"'" +
",'" + supplierID +"'" + ", " + cost + ", "
+ list + ", " + qty +
",'" + UPC +"'" + ", " + dept + ", " +
subdept + ", " + UPCpkSize +
",'" + supplierItem +"','" + redemption + "')";
...对此:
dSQL = string.Format(
"INSERT INTO inventory ( id, pksize, Description, supplier_id, UnitCost, UnitList," +
" Qty, UPC, dept, subdept, upc_pack_size, supplier_item, bqu_id)" +
" VALUES {0}, {1}, {2}, {3}, {4}, {5}, {6}, {7}, {8}, {9}, {10}, {11}, {12}",
id, pksize, desc, supplierID, cost, list, qty, UPC, dept, subdept, UPCpkSize, supplierItem, redemption);
这种方法是否足够,还是必须将格式值括在单引号中?
更新
我刚刚注意到我添加了关于此代码的“回归时间”的评论:
// This works as a string.Format() assignment without param "?"s or single quotes because dSQL is not executed, it is simply passed to DBCommand for conditional display (if there is an exception)