1. using (TypeToBeFreed objectName = new TypeToBeFreed()) {}
2. Use parameterized commands to avoid SQL injection
2.1 Set placeholders "do not write single quotes around them; keep the placeholder name consistent with the field name as far as possible, e.g. like '%' + @name + '%'"
2.2 Create a SqlParameter object and assign a value to the placeholder; create either a single object or an array of objects
2.3 Add the parameters to the command object's Parameters with Add or AddRange
3. Calling a stored procedure from a program
3.1 Replace the SQL statement with the stored procedure name
3.2 Set the command's CommandType = CommandType.StoredProcedure
[TableDirect: table name; Text: SQL statement; StoredProcedure: stored procedure]
4. Calling a stored procedure with output parameters from a program
4.1 Replace the SQL statement with the stored procedure name
4.2 Set the command's CommandType = CommandType.StoredProcedure
4.3 Create SqlParameter objects and assign values to the stored procedure's parameters; create either a single object or an array of objects
4.4 Output parameters must be created separately, with Direction = ParameterDirection.Output and their length and data type set
"Remember to add all parameter objects to the command's Parameters"
4.5 Get the value of the output parameter: object outVal = outputParameter.Value
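Steps 1 to 4 put together, as an added example that is not part of the original notes. The Students table, the usp_CountStudentsByName procedure with its @name and @total parameters, the 50-character column length, the connection string and the EscapeLike helper are all assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
// Assumed names: Students table, usp_CountStudentsByName, connection string.
static class StudentQueries
{
    // LIKE wildcards in user text are still wildcards after binding; bracket them.
    static string EscapeLike(string s) =>
        s.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");

    // Steps 2.1-2.3: no quotes around the placeholder, value bound as data.
    public static SqlCommand BuildSearch(SqlConnection conn, string userInput)
    {
        var cmd = new SqlCommand(
            "SELECT Name FROM Students WHERE Name LIKE '%' + @name + '%'", conn);
        cmd.Parameters.Add(new SqlParameter("@name", SqlDbType.NVarChar, 50)
            { Value = EscapeLike(userInput) });
        return cmd;
    }

    // Steps 4.1-4.5: stored procedure with one input and one output parameter.
    public static int CountByName(SqlConnection conn, string userInput)
    {
        using (var cmd = new SqlCommand("usp_CountStudentsByName", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            var total = new SqlParameter("@total", SqlDbType.Int) { Direction = ParameterDirection.Output };
            cmd.Parameters.AddRange(new SqlParameter[] {
                new SqlParameter("@name", SqlDbType.NVarChar, 50) { Value = userInput },
                total
            });
            cmd.ExecuteNonQuery();
            return total.Value == DBNull.Value ? 0 : (int)total.Value;
        }
    }

    static void Main()
    {
        using (var conn = new SqlConnection("Server=.;Database=School;Integrated Security=true"))
        {
            conn.Open();
            string input = "O'Brien"; // constructed sample: the apostrophe stays data
            using (var cmd = BuildSearch(conn, input))
            using (var reader = cmd.ExecuteReader())
                while (reader.Read()) Console.WriteLine(reader.GetString(0));
            Console.WriteLine(CountByName(conn, input));
        }
    }
}
```

The output parameter's Value is only populated once the command has executed, which is why it is read after ExecuteNonQuery.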
Parameterized commands and calling stored procedures from a program in C#