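/// <summary>
/// Loads the rows of Orders for one customer whose OrderDate falls inside a date range,
/// using a parameterized query.
/// </summary>
/// <param name="customerID">Customer identifier, bound as an NChar parameter of length 5.</param>
/// <param name="beginDate">Inclusive lower bound compared against OrderDate.</param>
/// <param name="endDate">Inclusive upper bound compared against OrderDate.</param>
/// <returns>A new <see cref="DataSet"/> filled by the adapter with the matching rows.</returns>
private static DataSet ParameterizedQuery(string customerID, DateTime beginDate, DateTime endDate)
{
    // The SQL text consists of string constants only, which is the best approach:
    // caller-supplied values never become part of the statement text, they are
    // bound below as typed parameters.
    const string query = "SELECT * FROM Orders WHERE customerID = @customerID " +
                         "AND OrderDate >= @beginDate " +
                         "AND OrderDate <= @endDate";

    DataSet ds = new DataSet();

    // The connection, command and adapter are all IDisposable. Scoping them with
    // using releases them even when Fill throws, instead of leaving the connection
    // to be reclaimed by the finalizer.
    using (SqlConnection conn = new SqlConnection(_ConnectionString))
    using (SqlCommand cmd = new SqlCommand(query, conn))
    using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
    {
        // Explicit SqlDbType (and a length for the NChar value) fixes how each value
        // is sent, rather than letting the provider infer it from the .NET type.
        cmd.Parameters.Add("@customerID", SqlDbType.NChar, 5).Value = customerID;
        cmd.Parameters.Add("@beginDate", SqlDbType.DateTime).Value = beginDate;
        cmd.Parameters.Add("@endDate", SqlDbType.DateTime).Value = endDate;

        // The connection is never opened explicitly here; Fill is handed the closed
        // connection through the command.
        adapter.Fill(ds);
    }

    return ds;
}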