like参数化查询

  like查询根据个人习惯将通配符写到参数值中或在SQL拼接都可,两种方法执行效果一样,在此不在详述。

using (SqlConnection conn = new SqlConnection(connectionString))
{
  conn.Open();
  SqlCommand comm = new SqlCommand();
  comm.Connection = conn;
  //将 % 写到参数值中
  comm.CommandText = "select * from Users(nolock) where UserName like @UserName";
  comm.Parameters.Add(new SqlParameter("@UserName", SqlDbType.VarChar, 200) { Value = "rabbit%" });
  comm.ExecuteNonQuery();
}
using (SqlConnection conn = new SqlConnection(connectionString))
{
  conn.Open();
  SqlCommand comm = new SqlCommand();
  comm.Connection = conn;
  //SQL中拼接 %
  comm.CommandText = "select * from Users(nolock) where UserName like @UserName+'%'";
  comm.Parameters.Add(new SqlParameter("@UserName", SqlDbType.VarChar, 200) { Value = "rabbit%" });
  comm.ExecuteNonQuery();
}

  我的写作热情离不开您的肯定支持。