Parameterized fuzzy query '(@str nvarchar(4000))select * from CMRC_Products where ModelName

Time: 2021-09-24 06:24:07

Following intuition, we would write it like this:

DataSet ds = SqlHelper.ExecuteDataSet(SqlHelper.Connstr, "select * from CMRC_Products where ModelName like '%@str%'", CommandType.Text,
                new SqlParameter("@str", str));

This is wrong: inside the quoted literal, @str is just text, so the parameter is never substituted into the pattern.

The correct form is:

DataSet ds = SqlHelper.ExecuteDataSet(SqlHelper.Connstr, "select * from CMRC_Products where ModelName like @str", CommandType.Text,
                new SqlParameter("@str", "%"+str+"%"));
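
The correct form above still lets `%`, `_` and `[` typed by the user act as wildcards inside the pattern. The following is an added example, not code from the original post, that goes one step further and escapes those characters before wrapping the value in `%`. It uses System.Data.SqlClient directly instead of the page's SqlHelper; the names LikeSearch, EscapeLike and BuildSearch are hypothetical and the sample inputs are constructed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;

static class LikeSearch
{
    // Escape SQL Server LIKE metacharacters (%, _, [) and the escape
    // character itself, so that user input is matched literally.
    public static string EscapeLike(string input, char esc = '\\')
    {
        var sb = new StringBuilder(input.Length + 8);
        foreach (char c in input)
        {
            if (c == esc || c == '%' || c == '_' || c == '[')
                sb.Append(esc);
            sb.Append(c);
        }
        return sb.ToString();
    }

    // The SQL text holds only the placeholder and a fixed ESCAPE clause;
    // the surrounding % wildcards are part of the parameter VALUE.
    public static SqlCommand BuildSearch(string term)
    {
        var cmd = new SqlCommand(
            @"select * from CMRC_Products where ModelName like @str escape '\'");
        // nvarchar(4000) matches the parameter declaration in the page title.
        cmd.Parameters.Add("@str", SqlDbType.NVarChar, 4000).Value =
            "%" + EscapeLike(term) + "%";
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs; no database connection is opened.
        foreach (var term in new[] { "Rain", "100%", "a_b", "[x]", @"c:\dir" })
        {
            using (var cmd = BuildSearch(term))
                Console.WriteLine("{0,-8} -> {1}", term, cmd.Parameters["@str"].Value);
        }
    }
}
```

Assign a SqlConnection to the returned command's Connection property before executing it.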