在LIKE语句中插入参数化值
本文关键字:参数 插入 LIKE 语句 | 更新日期: 2023-09-27 18:07:24
我有一个方法,更新mysql数据库中的记录,查询工作得很好,当简单地使用时,字符串如下:
string query = @"UPDATE Batches SET `State`=@State, `PostDocCount`=@PostDocCount WHERE `FilePath` LIKE '%MYDIRECTORYSTRING%'";
虽然如果我用参数化查询代替MYDIRECTORYSTRING,例如:
string query = @"UPDATE Batches SET `State`=@State, `PostDocCount`=@PostDocCount WHERE `FilePath` LIKE '%@dirName%'";
它不再工作(记录没有更新)-我也确认了@dirName == MYDIRECTORYSTRING。所以我认为这是一个语法问题?(虽然这两个查询似乎都执行ok..)
下面是我的完整方法:
public void UpdateBatch(string postDocCount, string dirName, string state)
{
string query = @"UPDATE Batches SET `State`=@State, `PostDocCount`=@PostDocCount WHERE `FilePath` LIKE '%@dirName%'";
//Open connection
if (this.OpenConnection() == true)
{
//create mysql command
MySqlCommand cmd = new MySqlCommand();
//Assign the query using CommandText
cmd.CommandText = query;
//Assign the connection using Connection
cmd.Connection = connection;
// Parametized queries
cmd.Parameters.AddWithValue("@PostDocCount", postDocCount);
cmd.Parameters.AddWithValue("@State", state);
cmd.Parameters.AddWithValue("@dirName", dirName);
//Execute query
cmd.ExecuteNonQuery();
//close connection
this.CloseConnection();
}
}
在将dirName
变量分配给"@dirName"
参数之前,您应该合并%通配符
dirName = "%" + dirName + "%";
然后将SQL文本更改为
string query = @"UPDATE Batches SET `State`=@State, `PostDocCount`=@PostDocCount " +
"WHERE `FilePath` LIKE @dirName";