private string OracleSearchDemo(string cadqueueId) { string address = null; using (OracleConnection cn = GetOraConnection()) { string sqlGetAddress = "Select SvjDataAddress From Cadqueue Where CadqueueId = :CadqueueId"; OracleCommand cmd = new OracleCommand(sqlGetAddress, cn); cmd.CommandType = CommandType.Text; cmd.Parameters.Add(new OracleParameter("CadqueueId", cadqueueId)); cn.Open(); OracleDataReader dtr = cmd.ExecuteReader(); if (dtr.Read()) { address = dtr["SvjDataAddress"].ToString(); // 修改數據 // string sqlChangeStatus = "update cadqueue q set q.status = :status Where CadqueueId = :CadqueueId"; // cmd.CommandText = sqlChangeStatus; // cmd.Parameters.Clear(); // cmd.Parameters.Add("CadqueueId", cadqueueId); // cmd.ExecuteNonQuery(); } dtr.Close(); cn.Close(); } return address; } private OracleConnection GetOracleConnection() { OracleConnection conn = new OracleConnection(); // connectString 最好通過 app.config 配置 conn.ConnectionString = "Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=***.***.***.***)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=***)));Persist Security Info=True;User ID=***;Password=***;" ; return conn; }
注意:為了防止SQL 注入, 采用參數化查詢 (原理: 執行計划重用, 不用重新執行語法解析))
此外, oracle 數據庫在參數化查詢時,采用 ’‘:parameter’ , mysql 語句中使用 ‘‘’@parameter’