The OleDbParameter object lets you update and insert data through parameterized queries.
Example: updating data:
    using System.Data.OleDb;

    using (OleDbConnection connection = new OleDbConnection(connectionString))
    {
        connection.Open();
        // Each ? is a placeholder; the values are sent separately from the SQL text.
        string query = "UPDATE [TableName] SET [Column1] = ?, [Column2] = ? WHERE [ID] = ?";
        using (OleDbCommand command = new OleDbCommand(query, connection))
        {
            // Add the parameters in the same order as the ? placeholders.
            command.Parameters.AddWithValue("@Column1Value", newValue1);
            command.Parameters.AddWithValue("@Column2Value", newValue2);
            command.Parameters.AddWithValue("@IDValue", id);
            command.ExecuteNonQuery();
        }
    }

Example: inserting data:
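    using System.Data.OleDb;

    using (OleDbConnection connection = new OleDbConnection(connectionString))
    {
        connection.Open();
        // Each ? is a placeholder; the values are sent separately from the SQL text.
        string query = "INSERT INTO [TableName] ([Column1], [Column2]) VALUES (?, ?)";
        using (OleDbCommand command = new OleDbCommand(query, connection))
        {
            // Add the parameters in the same order as the ? placeholders.
            command.Parameters.AddWithValue("@Column1Value", value1);
            command.Parameters.AddWithValue("@Column2Value", value2);
            command.ExecuteNonQuery();
        }
    }

In these examples, connectionString is the connection string, TableName is the table name, Column1 and Column2 are the columns to update or insert, @Column1Value, @Column2Value and @IDValue are the parameter names, and newValue1, newValue2, id, value1 and value2 are the parameter values. The OLE DB provider binds parameters to the ? placeholders by position, so the parameters must be added in the order the placeholders appear in the query; the names serve only as labels. Adding parameters and assigning their values makes the query parameterized, which prevents SQL injection attacks and improves the performance and security of the query.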
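Because OLE DB binds by position, a parameter added in the wrong order or left out is not caught by its name. The following is an added example, not code from the original page: the helper class OleDbSafe and its methods are hypothetical names, and the column types (text columns of up to 255 characters, an integer ID) are assumptions. It rejects a command whose parameter count does not match its ? placeholders and uses explicitly typed parameters instead of AddWithValue.

```csharp
using System;
using System.Data.OleDb;

static class OleDbSafe   // hypothetical helper, not part of System.Data.OleDb
{
    // Counts ? placeholders, skipping '...' and "..." literals and [bracketed] identifiers.
    public static int CountPlaceholders(string sql)
    {
        int count = 0;
        char closer = '\0';                       // '\0' = not inside a quoted region
        foreach (char c in sql)
        {
            if (closer != '\0') { if (c == closer) closer = '\0'; }
            else if (c == '\'' || c == '"') closer = c;
            else if (c == '[') closer = ']';
            else if (c == '?') count++;
        }
        return count;
    }

    // Builds a command whose parameters are bound in the order given.
    public static OleDbCommand Create(OleDbConnection conn, string sql, params OleDbParameter[] args)
    {
        int expected = CountPlaceholders(sql);
        if (expected != args.Length)
            throw new ArgumentException(
                $"SQL has {expected} placeholders but {args.Length} parameters were supplied.");
        var cmd = new OleDbCommand(sql, conn);
        cmd.Parameters.AddRange(args);
        return cmd;
    }

    // Explicit type and size, so the provider does not infer them from the runtime value.
    public static OleDbParameter Text(string name, string value, int size) =>
        new OleDbParameter(name, OleDbType.VarWChar, size) { Value = (object)value ?? DBNull.Value };

    public static OleDbParameter Int(string name, int value) =>
        new OleDbParameter(name, OleDbType.Integer) { Value = value };

    // The page's UPDATE; arguments are listed in placeholder order: Column1, Column2, ID.
    public static int UpdateRow(string connectionString, string newValue1, string newValue2, int id)
    {
        using (var conn = new OleDbConnection(connectionString))
        using (var cmd = Create(conn,
            "UPDATE [TableName] SET [Column1] = ?, [Column2] = ? WHERE [ID] = ?",
            Text("@Column1Value", newValue1, 255),   // 255 is an assumed column size
            Text("@Column2Value", newValue2, 255),
            Int("@IDValue", id)))
        {
            conn.Open();
            return cmd.ExecuteNonQuery();            // number of rows affected
        }
    }
}
```

The count check catches a missing or extra parameter; two parameters of the same type swapped in order still bind without error, so the argument order needs review against the SQL text.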