Data not going into the datagridview

Time: 2013-12-29 19:08:46

Tags: c# sql sql-server datagridview

I am developing an application using C# in VS 2010.

I have the following code, which should fetch the details of students with a certain name into a datagridview.

var CommandText = @"SELECT sid as 'Student ID', name as 'Student Name', adDate as
    'Admission Date',
    paidFees as 'Fees Paid', balance as 'Fees Remaining'
    FROM Student WHERE (status = '" + status + "') AND (name LIKE '%'+'" + txtSearchName.Text.Trim() + "'+'%')";
string select = CommandText;
con.Open();
SqlDataAdapter dataAdapter = new SqlDataAdapter(select, con);

SqlCommandBuilder commandBuilder = new SqlCommandBuilder(dataAdapter);
DataSet ds = new DataSet();
dataAdapter.Fill(ds);
con.Close();
dgvSearch.ReadOnly = true;
dgvSearch.DataSource = ds.Tables[0];

My problem is that I only get the table's headers and none of the data, as in the screenshot below.

[Screenshot: Search]

What is wrong here?

2 answers:

Answer 0 (score: 1)

I think you should drop the % after the opening ' and before the closing %

var CommandText = @"SELECT sid as 'Student ID', name as 'Student Name', adDate as
    'Admission Date',
    paidFees as 'Fees Paid', balance as 'Fees Remaining'
    FROM Student WHERE (status = '" + status + @"') AND
    (name LIKE '%" + name + "%')";

The LIKE part should have the form LIKE '%somename%'

It is also good practice to wrap the SqlConnection in a using construct so that you don't forget to dispose of it (even when an exception is thrown).

using (var conn = new SqlConnection(...))
{
}

Answer 1 (score: 1)

I suggest using a parameterized query.

var CommandText = @"SELECT sid as 'Student ID', name as 'Student Name', adDate as
    'Admission Date', paidFees as 'Fees Paid', balance as 'Fees Remaining'
    FROM Student WHERE (status = @status) AND (name LIKE @stuname)";
string select = CommandText;
con.Open();
SqlDataAdapter dataAdapter = new SqlDataAdapter(select, con);
dataAdapter.SelectCommand.Parameters.AddWithValue("@status", status);
dataAdapter.SelectCommand.Parameters.AddWithValue("@stuname", "%" + txtSearchName.Text.Trim() + "%");
SqlCommandBuilder commandBuilder = new SqlCommandBuilder(dataAdapter);
DataSet ds = new DataSet();
dataAdapter.Fill(ds);
....

This way, the quoting and wildcard string-concatenation issues in the LIKE statement are greatly simplified, and subtle mistakes such as misplaced quotes around the % char are avoided.

And of course it removes any possible SQL Injection attack.
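An added example (not code from the question or from either answer) that combines the two answers' advice: a parameterized LIKE search with a using-wrapped connection. It goes one step further than answer 1 by escaping LIKE metacharacters, so that a user who types %, _ or [ gets a literal match instead of a widened wildcard search, and by using typed parameters rather than AddWithValue. The connection string, the Student table layout and the nvarchar column types are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not code from the question or the answers.
// Assumed: a table Student with the columns used on this page, nvarchar
// status/name columns, and a caller passing the raw text of txtSearchName.
public static class StudentSearch
{
    // Escape LIKE metacharacters so the user's text is matched literally.
    // Paired with ESCAPE '\' in the query, %, _ and [ lose their wildcard meaning.
    public static string EscapeLikePattern(string input)
    {
        return input
            .Replace(@"\", @"\\")
            .Replace("%", @"\%")
            .Replace("_", @"\_")
            .Replace("[", @"\[");
    }

    public static DataTable Search(string connectionString, string status, string rawName)
    {
        // Values never enter the SQL text; only the two parameter markers do.
        const string sql = @"SELECT sid AS 'Student ID', name AS 'Student Name',
                                    adDate AS 'Admission Date', paidFees AS 'Fees Paid',
                                    balance AS 'Fees Remaining'
                             FROM Student
                             WHERE status = @status AND name LIKE @stuname ESCAPE '\'";

        var table = new DataTable();
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Explicit SqlDbType avoids AddWithValue's type inference from the .NET value.
            cmd.Parameters.Add("@status", SqlDbType.NVarChar).Value = status;
            cmd.Parameters.Add("@stuname", SqlDbType.NVarChar).Value =
                "%" + EscapeLikePattern(rawName.Trim()) + "%";

            using (var adapter = new SqlDataAdapter(cmd))
            {
                adapter.Fill(table); // Fill opens and closes the connection itself
            }
        }
        return table;
    }
}
```

Bind the result with dgvSearch.DataSource = StudentSearch.Search(connectionString, status, txtSearchName.Text); an empty grid then means the filter matched no rows, not a quoting mistake in the SQL.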