// Vulnerable pattern: each statement below is assembled by concatenating request and
// session values into the SQL text. Request.QueryString["id"] comes from the URL, so
// whoever controls the URL controls part of the statement (SQL injection).
// Here the id is spliced in with no quoting and no type check.
string sql = "update BookInfo set sl = sl-1 where id = " + Request.QueryString["id"];
// As pasted, this assignment overwrites the update text above before anything runs it.
// The session values and B_day are also concatenated; single quotes in any of them end
// the literal early. The N'...' state value is a fixed constant.
sql = "insert into Borrow(U_code,U_name,B_id,B_day,B_state) values ('" + Session["Login_code"].ToString() + "','" + Session["Login_name"].ToString() + "','" + Request.QueryString["id"] + "','" + B_day.ToString() + "',N'借阅中')";
// DAB is a helper defined outside this snippet; it is handed the finished string, so no
// parameter binding is visible on this path.
DAB.ExecuteNonQuery(sql);
// The quote opened after "id =" is never closed, so this statement is malformed as
// written, in addition to carrying the same concatenation problem.
string sql = "delete from BookInfo where id ='" + Request.QueryString["id"];
1、
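// Decrement the stock count (sl) of one book with a parameterized UPDATE.
// The id arrives in the URL, so it is parsed as an integer first; a non-numeric or
// missing value is rejected here instead of failing inside the data provider.
int bookId;
if (!int.TryParse(Request.QueryString["id"], out bookId))
{
    throw new System.ArgumentException("id must be an integer");
}

// NOTE(review): the statement does not check that sl is still above zero, and the
// matching Borrow insert is a separate command; consider running both in a single
// transaction. Confirm against the calling code.
string sql = "update BookInfo set sl = sl-1 where id = @id";

// using disposes the command even if execution throws.
using (SqlCommand cmd = new SqlCommand(sql, con))
{
    // The value is bound as a typed parameter and is never part of the SQL text.
    cmd.Parameters.Add(new SqlParameter("@id", SqlDbType.Int)).Value = bookId;
    cmd.ExecuteNonQuery();
}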
2、
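// Insert a borrow record with a parameterized INSERT; every value is sent as a typed
// parameter instead of being concatenated into the statement.
int bookId;
// The id arrives in the URL, so anything that is not an integer is rejected before binding.
if (!int.TryParse(Request.QueryString["id"], out bookId))
{
    throw new System.ArgumentException("id must be an integer");
}

// A missing session entry means there is no signed-in user to attribute the loan to.
// Fail explicitly instead of with a NullReferenceException from ToString().
object loginCode = Session["Login_code"];
object loginName = Session["Login_name"];
if (loginCode == null || loginName == null)
{
    throw new System.InvalidOperationException("no signed-in user in session");
}

string sql = "insert into Borrow(U_code,U_name,B_id,B_day,B_state) values (@code,@name,@id,@day,@state)";

// using disposes the command even if execution throws.
using (SqlCommand cmd = new SqlCommand(sql, con))
{
    cmd.Parameters.Add(new SqlParameter("@code", SqlDbType.VarChar)).Value = loginCode.ToString();
    cmd.Parameters.Add(new SqlParameter("@name", SqlDbType.VarChar)).Value = loginName.ToString();
    cmd.Parameters.Add(new SqlParameter("@id", SqlDbType.Int)).Value = bookId;
    // B_day is declared outside this snippet; presumably a DateTime. Confirm.
    cmd.Parameters.Add(new SqlParameter("@day", SqlDbType.Date)).Value = B_day;
    cmd.Parameters.Add(new SqlParameter("@state", SqlDbType.NVarChar)).Value = "借阅中";
    // Run the insert; without this call the command is only constructed.
    cmd.ExecuteNonQuery();
}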
3、
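// Delete one book row with a parameterized DELETE.
// The id arrives in the URL, so it is parsed as an integer first; a non-numeric or
// missing value is rejected here instead of failing inside the data provider.
int bookId;
if (!int.TryParse(Request.QueryString["id"], out bookId))
{
    throw new System.ArgumentException("id must be an integer");
}

// NOTE(review): parameterization stops injection, but not an unauthorized caller
// supplying a valid id. No permission check is visible in this snippet; confirm that
// the page enforces one before this destructive statement runs.
string sql = "delete from BookInfo where id = @id";

// using disposes the command even if execution throws.
using (SqlCommand cmd = new SqlCommand(sql, con))
{
    cmd.Parameters.Add(new SqlParameter("@id", SqlDbType.Int)).Value = bookId;
    cmd.ExecuteNonQuery();
}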
望采纳。