public datatable getuserlist(string strparam1,string strparam2,string strparam3,string strparam4)
{
stringbuilder sqlcontent = new stringbuilder();
arraylist paramlist = new arraylist();
sqlcontent.append(" select ");
sqlcontent.append(" column1");
sqlcontent.append(" ,column2");
sqlcontent.append(" ,column3 ");
sqlcontent.append(" ,column4 ");
sqlcontent.append(" from ");
sqlcontent.append(" tab_temp ");
sqlcontent.append(" where 1=1");
// 判断参数是否为空或""
if (!string.isnullorempty(strparam1))
{
sqlcontent.append(" and column1 like @param1 ");
// 添加参数
paramlist.add(new mysqlparameter("@param1", "%" + strparam1+ "%"));
}
if (!string.isnullorempty(strparam2))
{
sqlcontent.append(" and column2 like @param2 ");
paramlist.add(new mysqlparameter("@param2", "%" + strparam2 + "%"));
}
if (!string.isnullorempty(strparam3))
{
sqlcontent.append(" and column3 like @param3 ");
paramlist.add(new mysqlparameter("@param3", "%" + strparam3+ "%"));
} //
脚本学堂
www.jb200.com
if (!string.isnullorempty(strparam4))
{
sqlcontent.append(" and column4 like @param4 ");
paramlist.add(new mysqlparameter("@param4", "%" + strparam4+ "%"));
}
try
{
// 获取db链接
dbconn.getconnection();
objdt = new datatable();
// 调用dbutil中查询方法
objdt = dbconn.executequery(sqlcontent.tostring(), paramlist);
}
catch (exception e)
{
throw e;
}
finally
{
// 关闭db链接
dbconn.closeconnection();
}
return objdt;
}
正确的写法:
sqlcontent.append(" and column1 like @param1 ");
// 添加参数
paramlist.add(new mysqlparameter("@param1", "%" + strparam1+ "%"));
错误的写法:
sqlcontent.append(" and column1 like ‘%@param1%‘ ");
// 添加参数
paramlist.add(new mysqlparameter("@param1", strparam1));
