?????????????????е??????
    SELECT cacheobjtype, objtype, usecounts, sql FROM sys.syscacheobjects
    WHERE sql LIKE '%Users%' and sql not like '%syscacheobjects%'
???????????????

????????????????????????????????ò????????????????????????????????崫?????????????????????????????
??????????????????????????????????????varchar??nvarchar??char??nchar???????int??bigint??decimal??datetime????????????????????????(???????????????)?????????????UserID?int????????????????2??20??-1???????????????(@UserIDint)select*from Users where UserID=@UserID
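// Parameterized lookup by UserID. The value is sent as a typed parameter, so it is
// never concatenated into the SQL text.
// Fix: the argument separators in the SqlParameter constructor were mis-encoded as
// "??" (which C# reads as the null-coalescing operator); they are restored to commas.
using (SqlConnection conn = new SqlConnection(connectionString))
{
    conn.Open();
    // SqlCommand is IDisposable; dispose it together with the connection.
    using (SqlCommand comm = new SqlCommand())
    {
        comm.Connection = conn;
        comm.CommandText = "select * from Users where UserID=@UserID";
        // Value 2, declared parameter size 2.
        // Statement text given by the original comment:
        // (@UserID int)select * from Users where UserID=@UserID
        comm.Parameters.Add(new SqlParameter("@UserID", SqlDbType.Int, 2) { Value = 2 });
        // ExecuteNonQuery executes the SELECT without reading any rows back.
        comm.ExecuteNonQuery();
    }
}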
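// Same parameterized lookup, this time declaring the int parameter with size 20.
// Fix: the argument separators in the SqlParameter constructor were mis-encoded as
// "??" (which C# reads as the null-coalescing operator); they are restored to commas.
using (SqlConnection conn = new SqlConnection(connectionString))
{
    conn.Open();
    // SqlCommand is IDisposable; dispose it together with the connection.
    using (SqlCommand comm = new SqlCommand())
    {
        comm.Connection = conn;
        comm.CommandText = "select * from Users where UserID=@UserID";
        // Value 2, declared parameter size 20.
        // Statement text given by the original comment (same as with size 2):
        // (@UserID int)select * from Users where UserID=@UserID
        comm.Parameters.Add(new SqlParameter("@UserID", SqlDbType.Int, 20) { Value = 2 });
        // ExecuteNonQuery executes the SELECT without reading any rows back.
        comm.ExecuteNonQuery();
    }
}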
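// Same parameterized lookup, this time declaring the int parameter with size -1.
// Fix: the argument separators in the SqlParameter constructor were mis-encoded as
// "??" (which C# reads as the null-coalescing operator); they are restored to commas.
using (SqlConnection conn = new SqlConnection(connectionString))
{
    conn.Open();
    // SqlCommand is IDisposable; dispose it together with the connection.
    using (SqlCommand comm = new SqlCommand())
    {
        comm.Connection = conn;
        comm.CommandText = "select * from Users where UserID=@UserID";
        // Value 2, declared parameter size -1.
        // Statement text given by the original comment (same as with sizes 2 and 20):
        // (@UserID int)select * from Users where UserID=@UserID
        comm.Parameters.Add(new SqlParameter("@UserID", SqlDbType.Int, -1) { Value = 2 });
        // ExecuteNonQuery executes the SELECT without reading any rows back.
        comm.ExecuteNonQuery();
    }
}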
????????????£???????varchar(max)??nvarchar(max)?????????????????趨?????-1????
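// Parameterized lookup by UserName with a varchar(max) parameter, declared by
// passing size -1. The name is bound as data, so whatever string is supplied cannot
// alter the structure of the statement.
// Fix: the argument separators in the SqlParameter constructor were mis-encoded as
// "??" (which C# reads as the null-coalescing operator); they are restored to commas.
using (SqlConnection conn = new SqlConnection(connectionString))
{
    conn.Open();
    // SqlCommand is IDisposable; dispose it together with the connection.
    using (SqlCommand comm = new SqlCommand())
    {
        comm.Connection = conn;
        comm.CommandText = "select * from Users where UserName=@UserName";
        // Size -1 on SqlDbType.VarChar declares the parameter as varchar(max).
        // Statement text given by the original comment:
        // (@UserName varchar(max) )select * from Users where UserName=@UserName
        comm.Parameters.Add(new SqlParameter("@UserName", SqlDbType.VarChar, -1) { Value = "username1" });
        // ExecuteNonQuery executes the SELECT without reading any rows back.
        comm.ExecuteNonQuery();
    }
}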
????????????????ò????????????????SQL??????????в??????????????????????????SQL????????
???????????????????弰????
????1.??????SQL???
????2.?????????????(??????????ò?????)???????????????????????
????3.????????????????????????(varchar??nvarchar??char??)???????????????????????????(int??bigint??decimal??datetime??)?????????????????
????4.????varchar(max)????nvarchar(max)???????????????-1????
????5.??????Щ?Ь????洢?????????????????????Щ??????????£?????????洢????????????????????????????????????????洢?????ж????????????????????????????????????????±????????????????????????洢????????????????????????????