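// Two versions of the same LIKE search, each in its own scope so the listing
// can reuse the names cmd and nameParameter. Relative to the original listing:
// the stray "_" after "SELECT *" (apparently a line-continuation leftover, not
// valid SQL) is dropped, the missing ';' after the ParameterName assignment is
// restored, and the parameter is attached to the command, since
// CreateParameter() on its own does not add it to cmd.Parameters.

// Wrong way: the placeholder sits inside the quoted SQL literal, so it is part
// of the string constant '%@name%' and not a parameter marker. The value bound
// below is not what the query searches for.
// Do not "repair" this by concatenating the search text into the SQL string;
// concatenation is what makes the statement injectable.
{
    MySqlCommand cmd = oldDb.GetSqlStringCommand(
        CommandType.Text,
        "SELECT * FROM users WHERE name LIKE '%@name%'");

    MySqlParameter nameParameter = cmd.CreateParameter();
    nameParameter.DbType = DbType.String;
    nameParameter.ParameterName = "@name";
    nameParameter.Value = "John";
    cmd.Parameters.Add(nameParameter);
}

// Good way: the placeholder stands alone in the SQL text and the LIKE
// wildcards travel inside the parameter value, so the search text is always
// sent as data and never parsed as SQL.
// Caveat: '%' and '_' inside the value still act as LIKE wildcards. When the
// search text comes from a user and must match literally, escape those two
// characters before wrapping the text in '%'.
{
    MySqlCommand cmd = oldDb.GetSqlStringCommand(
        CommandType.Text,
        "SELECT * FROM users WHERE name LIKE @searchText");

    MySqlParameter nameParameter = cmd.CreateParameter();
    nameParameter.DbType = DbType.String;
    nameParameter.ParameterName = "@searchText";
    nameParameter.Value = "%John%";
    cmd.Parameters.Add(nameParameter);
}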