sql 语句进行 like参数化,按照正常的方式是无法实现的
我们一般的思维是:
Like
string sql = "SELECT * FROM Person WHERE City LIKE'%@add%'";
var Parameters=new SqlParameter[]{new SqlParameter("@add", "成都")};
通过使用SQL Server Profiler工具跟踪结果
exec sp_executesql N'SELECT * FROM Person WHERE City LIKE''%@add%''',N'@add nvarchar(2)',@add =N'成都'
执行不报错也没有查询结果,查阅资料后应该是这样写
string sql = "SELECT * FROM Person WHERE City LIKE'%'+@add+'%'";
var Parameters=new SqlParameter[]{new SqlParameter("@add", "成都")};
END