与任何其他查询相同:
a) 将 OleDbCommand 中实际硬编码的参数替换为占位符(以 @ 为前缀);
b) 将 OleDbParameter 的实例添加到 DbCommand.Parameters 属性中。参数名称必须与占位符名称匹配。
注意:OleDb 提供程序按位置绑定参数,因此添加参数的顺序也必须与占位符在 SQL 中出现的顺序一致。
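/// <summary>
/// Inserts one row into the <c>bookRated</c> table using a parameterized INSERT,
/// so the caller-supplied values are sent as data and never spliced into the SQL text.
/// </summary>
/// <param name="title">Value bound to <c>@title</c> (column <c>[title]</c>).</param>
/// <param name="rating">Value bound to <c>@rating</c> (column <c>[rating]</c>).</param>
/// <param name="review">Value bound to <c>@review</c> (column <c>[review]</c>).</param>
/// <param name="ISBN">Value bound to <c>@isbn</c> (column <c>[frnISBN]</c>).</param>
/// <param name="userName">Value bound to <c>@username</c> (column <c>[frnUserName]</c>).</param>
[WebMethod]
public void bookRatedAdd(string title, int rating, string review, string ISBN, string userName)
{
    // NOTE(review): userName is taken from the request as-is; confirm the caller's
    // authenticated identity is checked elsewhere before trusting it for the insert.

    // Verbatim string: "\B" is not a valid escape sequence in a regular C# literal.
    string databasePath = Server.MapPath(@"App_Data\BookRateInitial.mdb");

    using (OleDbConnection conn = new OleDbConnection(
        "Provider=Microsoft.Jet.OleDb.4.0;" +
        "Data Source=" + databasePath))
    {
        conn.Open();

        // DbCommand also implements IDisposable
        using (OleDbCommand cmd = conn.CreateCommand())
        {
            // Command text contains only placeholders; no user input is concatenated in.
            cmd.CommandText =
                "INSERT INTO bookRated " +
                "([title], [rating], [review], [frnISBN], [frnUserName]) " +
                "VALUES(@title, @rating, @review, @isbn, @username)";

            // OleDb binds parameters by position, not by name: keep this list in
            // exactly the same order as the placeholders in the VALUES clause.
            cmd.Parameters.AddRange(new OleDbParameter[]
            {
                new OleDbParameter("@title", title),
                new OleDbParameter("@rating", rating),
                new OleDbParameter("@review", review),
                new OleDbParameter("@isbn", ISBN),
                new OleDbParameter("@username", userName)
            });

            cmd.ExecuteNonQuery();
        }
    }
}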


