Filter a DataGrid using any TextBox that has input

Time: 2014-03-13 09:29:18

Tags: sql vb.net datagridview textbox

The scenario should be: any one or more of the TextBoxes is non-empty, and the matching rows are shown in the DataGridView.

I think my SQL is incorrect.

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

        Dim Command1 As New OleDbCommand

        Dim i2 As Integer
        Dim sql1 As String

        Try
            Dim cnn3 = New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=StudentInfoSysDB.accdb;")
            cnn3.Open()
            ' Proceed only if at least one of the search boxes contains text.
            If txtID.Text <> "" OrElse txtLastN.Text <> "" OrElse txtFirstN.Text <> "" OrElse txtMiddleN.Text <> "" OrElse txtCourse.Text <> "" OrElse txtYear.Text <> "" OrElse txtGender.Text <> "" OrElse txtSection.Text <> "" Then

                ' This is the statement I suspect is wrong: the text box values are concatenated straight into the SQL.
                sql1 = "Select * from Students Where([ID],[LastName],[FirstName],[MiddleName],[Course],[Year],[Gender],[Section]) VALUES('" & txtID.Text & "','" & txtLastN.Text & "','" & txtFirstN.Text & "','" & txtMiddleN.Text & "','" & txtCourse.Text & "','" & txtYear.Text & "','" & txtGender.Text & "','" & txtSection.Text & "')"
                Command1 = New OleDbCommand(sql1, cnn3)
                i2 = Command1.ExecuteNonQuery
                MessageBox.Show("Searching Done!")
                ds.Clear()
                Refresh()
                cnn3.Close()
            Else
                MsgBox("Please Input Atleast 1 Field")
            End If
        Catch ex As Exception
            ' Exceptions are swallowed here, so a failing query shows no error.
        End Try

    End Sub

1 answer:

Answer 0 (score: 1)

You are right. Your SELECT statement is wrong. The SQL SELECT syntax is:

SELECT column_name,column_name
FROM table_name;

Never concatenate user input with your application's SQL to form the SQL that is sent to the database, so as to avoid SQL injection attacks. The simple way to do this is to use parameterized statements. A parameterized statement is one where the variable parts of the SQL are replaced with markers (usually ?). I

You should do something like the following to populate the DataGridView with the results:

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

        ' Assumes Imports System.Data and Imports System.Data.OleDb at the top of the file.
        Dim Connection As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=StudentInfoSysDB.accdb;")

        Try

            Connection.Open()

            ' Every user-supplied value is a ? placeholder. Column names are bracketed because
            ' Year and Section are reserved words in Access SQL.
            Dim SQLQuery = "SELECT * FROM Students WHERE [ID] = ? OR [FirstName] = ? OR [MiddleName] = ? " & _
                           " OR [LastName] = ? OR [Course] = ? OR [Year] = ? OR [Gender] = ? OR [Section] = ?"

            Dim sqlcommand As New OleDbCommand
            With sqlcommand
                .CommandText = SQLQuery
                .Connection = Connection
                ' OleDb parameters are positional: they bind to the ? markers in the order they
                ' are added, so this order must match the order of the columns in the query.
                .Parameters.AddWithValue("@p1", txtID.Text)
                .Parameters.AddWithValue("@p2", txtFirstN.Text)
                .Parameters.AddWithValue("@p3", txtMiddleN.Text)
                .Parameters.AddWithValue("@p4", txtLastN.Text)
                .Parameters.AddWithValue("@p5", txtCourse.Text)
                .Parameters.AddWithValue("@p6", txtYear.Text)
                .Parameters.AddWithValue("@p7", txtGender.Text)
                .Parameters.AddWithValue("@p8", txtSection.Text)
            End With

            Dim ds As New DataSet

            Dim Adapter As New OleDbDataAdapter(sqlcommand)

            Adapter.Fill(ds)

            DataGridView1.DataSource = ds.Tables(0)

            Connection.Close()

        Catch ex As Exception

            MsgBox(ex.Message)

        End Try

    End Sub

Note: the code above does not combine the fields for the search. It will find any record that matches the input of any one of the text boxes.
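The following is an added example, not code from the question or the answer. It addresses the note above: it builds the WHERE clause only from the text boxes that actually contain input, combines them with AND, and still passes every value as a parameter. The `BuildFilterCommand` and `RunSearch` names, the `StudentFilter` module and the hypothetical form controls are assumptions; the column names, table and connection string are the ones used in the question.

```vb
Imports System.Data
Imports System.Data.OleDb
Imports System.Windows.Forms

Public Module StudentFilter
    ' Builds "SELECT * FROM Students WHERE [A] = ? AND [B] = ?" from the entries
    ' whose value is non-empty. Only the keys of `filters` (fixed column names chosen
    ' by the caller, never typed by the user) reach the SQL text; every value goes
    ' through a parameter, so a quote typed into a text box stays data.
    Public Function BuildFilterCommand(cnn As OleDbConnection,
                                       filters As IDictionary(Of String, String)) As OleDbCommand
        Dim cmd As New OleDbCommand With {.Connection = cnn}
        Dim clauses As New List(Of String)
        For Each kv In filters
            If String.IsNullOrWhiteSpace(kv.Value) Then Continue For
            ' Brackets keep Access reserved words such as Year and Section usable as columns.
            clauses.Add("[" & kv.Key & "] = ?")
            ' OleDb ignores parameter names and binds by position, so the clause and its
            ' parameter are always added together to keep the ? order and the value order aligned.
            cmd.Parameters.AddWithValue("@" & kv.Key, kv.Value.Trim())
        Next
        If clauses.Count = 0 Then Return Nothing ' nothing entered: the caller prompts the user
        cmd.CommandText = "SELECT * FROM Students WHERE " & String.Join(" AND ", clauses)
        Return cmd
    End Function

    ' Hypothetical button handler using the same grid and text boxes as the question
    ' (only four of the boxes are shown; the rest are added to the dictionary the same way).
    Public Sub RunSearch(grid As DataGridView, txtID As TextBox, txtLastN As TextBox,
                         txtFirstN As TextBox, txtYear As TextBox)
        Dim filters As New Dictionary(Of String, String) From {
            {"ID", txtID.Text}, {"LastName", txtLastN.Text},
            {"FirstName", txtFirstN.Text}, {"Year", txtYear.Text}}
        Using cnn As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=StudentInfoSysDB.accdb;")
            Dim cmd = BuildFilterCommand(cnn, filters)
            If cmd Is Nothing Then
                MessageBox.Show("Please input at least 1 field")
                Return
            End If
            Dim table As New DataTable
            Using adapter As New OleDbDataAdapter(cmd)
                adapter.Fill(table) ' Fill opens the connection itself; Using disposes it afterwards
            End Using
            grid.DataSource = table
        End Using
    End Sub
End Module
```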