1

//N 文字を使用してプログラムでアラビア語フィールドを更新する方法 (first name ="الاسم الاول")...つまり

UPDATE  students SET first_name = N'الاسم' , last_name = N'الاسم الاخير' , father_name = N'الاسم الاخير' , mother_name = '', birth_date = '1/1/1990 12:00:00 AM' , education_level = '' , address = '' , notes = '' WHERE student_id = 33

//MSSQL-Server でこのコマンドを使用していますが、C# プログラムで UPDATE コマンドを使用しようとしています

 public string student(int id, string first_name, string last_name, string father_name, string mother_name, DateTime birth_date, string education_level, string address, 
         int[] phone_numbers, int[] old_phone_numbers, string notes)
    {
        SqlConnection SQLconnection = new SqlConnection(connectionString);
        SqlCommand command = SQLconnection.CreateCommand();
        SQLconnection.Open();
        command.CommandText = "UPDATE  students SET " +
        "first_name = " + "'" + first_name + "'" + " , last_name = " + "'" + last_name + "'" +
         " , father_name = " + "'" + father_name + "'" + " , mother_name = " + 
        "'" + mother_name + "'" + ", birth_date = " + "'" + birth_date + "'" +
        " , education_level = " + "'" + education_level + "'"  +
        " , address = " + "'" + address + "'" + " , notes = " + "'" + notes + "'" +
        " WHERE student_id = " + id ;
        command.ExecuteNonQuery();
        SQLconnection.Close();

//これらの構文よりも優れた明確な方法はありますか?

4

1 に答える 1

1

最良の方法は、Parametersを使用することです。このような:

command.CommandText = @"UPDATE  students SET 
first_name = @first_name, 
last_name = @last_name,
//... and so on...
WHERE student_id = @id";
command.Parameters.AddWithValue("@first_name", first_name);
command.Parameters.AddWithValue("@last_name", last_name);
//... and so no...
command.Parameters.AddWithValue("@id", id);
于 2012-06-18T12:25:31.380 に答える