SqlParameter 多个参数动态拼接解决参数化问题

多个参数化是固定比较easy,多个动态的就有点。。。工作中遇到的问题整理下来分享 ,上代码

            SqlParameter[] param = new SqlParameter[] { };
            List<SqlParameter> sqlParameterList = new List<SqlParameter>();   //这里是重点,要拿脑子记一下。

            if (!string.IsNullOrEmpty(cpId))
            {
                sql += " and  a.cpId =@cpId";
                sqlParameterList.Add(new SqlParameter { ParameterName = "@cpId", Value = cpId, SqlDbType = SqlDbType.VarChar, Size = 20 });
            }

            if (!string.IsNullOrEmpty(cpName))
            {
                sql += " and  b.name like @cpName";
                sqlParameterList.Add(new SqlParameter { ParameterName = "@cpName", Value = '%' + cpName + '%', SqlDbType = SqlDbType.VarChar, Size = 20 });

            }

            if (!string.IsNullOrEmpty(status))
            {
                sql += " and  b.status = @status";
                sqlParameterList.Add(new SqlParameter { ParameterName = "@status", Value = status, SqlDbType = SqlDbType.Int, Size = 10 });

            }

            //sql += " order by createdatetime desc ";

            param = sqlParameterList.ToArray();

最终是用 param  就 ok 了

原文地址:https://www.cnblogs.com/youmingkuang/p/8979225.html