private string OracleSearchDemo(string cadqueueId)
{
string address = null;
using (OracleConnection cn = GetOraConnection())
{
string sqlGetAddress = "Select SvjDataAddress From Cadqueue Where CadqueueId = :CadqueueId";
OracleCommand cmd = new OracleCommand(sqlGetAddress, cn);
cmd.CommandType = CommandType.Text;
cmd.Parameters.Add(new OracleParameter("CadqueueId", cadqueueId));
cn.Open();
OracleDataReader dtr = cmd.ExecuteReader();
if (dtr.Read())
{
address = dtr["SvjDataAddress"].ToString();
// 修改数据
// string sqlChangeStatus = "update cadqueue q set q.status = :status Where CadqueueId = :CadqueueId";
// cmd.CommandText = sqlChangeStatus;
// cmd.Parameters.Clear();
// cmd.Parameters.Add("CadqueueId", cadqueueId);
// cmd.ExecuteNonQuery();
}
dtr.Close();
cn.Close();
}
return address;
}
private OracleConnection GetOracleConnection()
{
OracleConnection conn = new OracleConnection(); // connectString 最好通过 app.config 配置
conn.ConnectionString = "Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=***.***.***.***)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=***)));Persist Security Info=True;User ID=***;Password=***;" ;
return conn;
}
注意:为了防止SQL 注入, 采用参数化查询 (原理: 执行计划重用, 不用重新执行语法解析))
此外, oracle 数据库在参数化查询时,采用 ’‘:parameter’ , mysql 语句中使用 ‘‘’@parameter’