问题描述

基本上Commands有Parameters，参数有Add、AddWithValue等函数.在所有教程中我见过，我通常注意到他们使用 Add 而不是 AddWithValue.

Basically Commands has Parameters and parameters has functions like Add, AddWithValue, and etc. In all tutorials i've seen, i usually noticed that they are using Add instead of AddWithValue.

.Parameters.Add("@ID", SqlDbType.Int)

对比

.Parameters.AddWithValue("@ID", 1)

是否有理由不使用 AddWithValue?我更喜欢使用它

Is there a reason NOT to use AddWithValue? I'd prefer to use that over

Parameters.Add("@ID", SqlDbType.Int, 4).Value = 1

因为它节省了我的编码时间.那么哪个更好用呢?哪个可以安全使用?它会提高性能吗?

since it saves my coding time. So which is better to use? Which is safe to use? Does it improves performance?

推荐答案

使用 Add() 方法，您可以通过指定数据的类型和长度来限制用户输入 - 特别是对于 varchar 列.

With Add() method you may restrict user input by specifying type and length of data - especially for varchar columns.

.Parameters.Add("@name",SqlDbType.VarChar,30).Value=varName;

如果 AddWithValue()(隐式转换值)方法，它将 nvarchar 值发送到数据库.

In case of AddWithValue() (implicit conversion of value) method, it sends nvarchar value to the database.