I am trying to write a SQL WHERE clause in C#. I have a grid bound to data from the database. Above the grid I have a search panel with three text boxes: txtPartnumber, txtArticle and txtSmn. When I click the search button the grid should be filtered. For example, these are the filter options for the grid:
1) only 'Partnumber' is given for the search 2) only 'Article number' is given for the search 3) only 'SMN' is given for the search 4) 'Partnumber' and 'SMN' are given for the search, and so on.
I tried the following code to filter the data in the grid with a SQL query. The WHERE clause in SQL seems hard to build. My code is attached, and my snippet seems to be more complex than it needs to be. How can I reduce the complexity with fewer lines of code and optimize my code?
private string getCondtionForSearch()
{
    string condition = string.Empty;
    string whereCondition = " Where ";
    string andCondition = " AND ";
    string articleCondition = string.Empty;
    string partNumberCondition = string.Empty;
    string smnCondition = string.Empty;
    int condtitionCount = 0;

    // One predicate per filled-in text box; the box text is concatenated
    // straight into the SQL text (no quoting, no parameter)
    if (!(string.IsNullOrEmpty(txtArticle.Text)))
    {
        articleCondition = string.Concat("ARTICLE = ", txtArticle.Text);
        condtitionCount++;
    }
    if (!(string.IsNullOrEmpty(txtPartnumber.Text)))
    {
        partNumberCondition = string.Concat("PART_NUMBER = ", txtPartnumber.Text);
        condtitionCount++;
    }
    if (!(string.IsNullOrEmpty(txtSmn.Text)))
    {
        smnCondition = string.Concat("SMN = ", txtSmn.Text);
        condtitionCount++;
    }

    if (condtitionCount == 0)
        condition = "SELECT * FROM [ItemMaster]";
    else
    {
        StringBuilder conditionBuilder = new StringBuilder();
        conditionBuilder.Append(whereCondition);
        if (condtitionCount == 1)
        {
            // exactly one of the three is non-empty, so appending all three yields that one
            conditionBuilder.Append(articleCondition);
            conditionBuilder.Append(partNumberCondition);
            conditionBuilder.Append(smnCondition);
        }
        if (condtitionCount == 2)
        {
            // only the PART_NUMBER + SMN pair is handled here; the other two pairs
            // and the three-filter case produce no predicate at all
            if (string.IsNullOrEmpty(articleCondition))
            {
                conditionBuilder.Append(partNumberCondition);
                conditionBuilder.Append(andCondition);
                conditionBuilder.Append(smnCondition);
            }
        }
        conditionBuilder.Append(andCondition);
        condition = conditionBuilder.ToString();
    }
    return condition;
}
Thanks for your help.
Answer 0 (score: 2)
If you are going to build the query this way, try this. You should use parameterized queries to avoid the possibility of SQL injection.
string query = "SELECT * FROM [ItemMaster]";
string whereClause = string.Empty;
bool andFlag = false;   // true once a predicate has been appended, so the next one needs " AND "
if (!string.IsNullOrEmpty(txtArticle.Text))
{
    string temp = " ARTICLE = @Article";
    whereClause = string.Concat(whereClause, temp);
    andFlag = true;
    //add parameter value for @Article
}
if (!string.IsNullOrEmpty(txtPartnumber.Text))
{
    string temp = string.Empty;
    if (andFlag)
        temp = " AND PART_NUMBER = @Part_Number";
    else
        temp = " PART_NUMBER = @Part_Number";
    whereClause = string.Concat(whereClause, temp);
    andFlag = true;
    //add parameter value for @Part_Number
}
if (!string.IsNullOrEmpty(txtSmn.Text))
{
    string temp = string.Empty;
    if (andFlag)
        temp = " AND SMN = @SMN";
    else
        temp = " SMN = @SMN";
    whereClause = string.Concat(whereClause, temp);
    andFlag = true;
    //add parameter value for @SMN
}
// string.Concat returns the new string; it must be assigned back to query
if (!string.IsNullOrEmpty(txtSmn.Text) || !string.IsNullOrEmpty(txtPartnumber.Text) || !string.IsNullOrEmpty(txtArticle.Text))
    query = string.Concat(query, " WHERE ", whereClause);
Answer 1 (score: 2)
Here is a modified and simplified version of the answer from Coder of Code:
// "Where 1 = 1" is always true, so every real predicate can simply start with "AND"
string query = "SELECT * FROM [ItemMaster] Where 1 = 1 ";
if (!string.IsNullOrEmpty(txtArticle.Text))
{
    query = string.Concat(query, "AND ARTICLE = @Article ");
    //add parameter value for @Article
}
if (!string.IsNullOrEmpty(txtPartnumber.Text))
{
    query = string.Concat(query, "AND PART_NUMBER = @Part_Number ");
    //add parameter value for @Part_Number
}
if (!string.IsNullOrEmpty(txtSmn.Text))
{
    query = string.Concat(query, "AND SMN = @SMN ");
    //add parameter value for @SMN
}
return query;
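Both answers above leave "add parameter value" as a comment. The following is an added example, not code from the question or from either answer, that fills that gap: it builds the same dynamic WHERE clause for [ItemMaster] with a list of predicates joined by " AND ", and binds each text box value as a SqlParameter at the moment its predicate is added, so placeholder and value cannot drift apart. The table and column names come from the question; the NVarChar type, the length 50 and the sample input values are assumptions.

```csharp
// Added example (not from the original question or answers).
// Builds "SELECT * FROM [ItemMaster] WHERE ..." with parameter placeholders
// so that text box contents travel as data, never as SQL text.
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class ItemMasterSearch
{
    // Returns a command whose CommandText contains only fixed SQL; every
    // user-supplied value is bound to a named parameter. Attach a
    // SqlConnection to the returned command before executing it.
    public static SqlCommand BuildSearchCommand(string article, string partNumber, string smn)
    {
        var cmd = new SqlCommand();
        var predicates = new List<string>();

        // Each filter contributes "COLUMN = @param" only when its box is non-empty,
        // and registers the parameter in the same step.
        AddFilter(cmd, predicates, "ARTICLE", "@Article", article);
        AddFilter(cmd, predicates, "PART_NUMBER", "@Part_Number", partNumber);
        AddFilter(cmd, predicates, "SMN", "@SMN", smn);

        cmd.CommandText = "SELECT * FROM [ItemMaster]";
        if (predicates.Count > 0)
            cmd.CommandText += " WHERE " + string.Join(" AND ", predicates);
        return cmd;
    }

    private static void AddFilter(SqlCommand cmd, List<string> predicates,
                                  string column, string paramName, string value)
    {
        // Whitespace-only input counts as "not given", matching the IsNullOrEmpty
        // checks in the question but also ignoring stray spaces.
        if (string.IsNullOrWhiteSpace(value))
            return;
        predicates.Add(column + " = " + paramName);
        // Assumed column type and length; adjust to the real ItemMaster schema.
        cmd.Parameters.Add(paramName, SqlDbType.NVarChar, 50).Value = value.Trim();
    }

    public static void Main()
    {
        // Constructed inputs: an Article value that looks like an injection attempt,
        // an empty Partnumber box, and a plain SMN value.
        SqlCommand cmd = BuildSearchCommand("A100' OR 1=1 --", "", "SMN-7");
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} = [{1}]", p.ParameterName, p.Value);

        // To bind the grid in the real form (connectionString and grid assumed):
        //   cmd.Connection = new SqlConnection(connectionString);
        //   var table = new DataTable();
        //   new SqlDataAdapter(cmd).Fill(table);
        //   grid.DataSource = table;
    }
}
```

With those inputs the CommandText contains only the two placeholders ARTICLE = @Article AND SMN = @SMN, and the quote and comment characters in the Article value remain inside a single parameter value, which is why the server cannot interpret them as SQL. The List plus string.Join approach also removes the need for either the andFlag bookkeeping or the "1 = 1" trick.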
Answer 2 (score: 1)
You could do something like this (not tested):
var sql = new StringBuilder();
sql.AppendLine("SELECT * FROM [ItemMaster]");
var whereClause = CheckFilter(txtArticle) +
                  CheckFilter(txtPartnumber) +
                  CheckFilter(txtSmn);
if (!string.IsNullOrEmpty(whereClause.Trim()))
{
    // drop the trailing " AND " left by the last filter (only safe when a filter was added)
    whereClause = whereClause.Substring(0, whereClause.Length - 5);
    sql.AppendLine(" WHERE ");
    sql.AppendLine(whereClause);
}

// using the textbox Name property as the column name
private string CheckFilter(TextBox textbox)
{
    // note: textbox.Text is formatted directly into the SQL text rather than bound as a parameter
    return !string.IsNullOrEmpty(textbox.Text)
        ? string.Format(" {0} = {1} AND ", textbox.Name, textbox.Text)
        : string.Empty;
}
Answer 3 (score: 0)
You can simply build your WHERE clause by checking each value; see the code (but change it to use a StringBuilder, and change it to use parameters):
private string getCondtionForSearch()
{
    string condition = "SELECT * FROM [ItemMaster]";
    string whereCondition = string.Empty;
    // the same check for all three values
    if (!(string.IsNullOrEmpty(txtArticle.Text)))
    {
        whereCondition = whereCondition + "ARTICLE = " + txtArticle.Text + " AND ";
    }
    if (!(string.IsNullOrEmpty(txtPartnumber.Text)))
    {
        whereCondition = whereCondition + "PART_NUMBER = " + txtPartnumber.Text + " AND ";
    }
    if (!(string.IsNullOrEmpty(txtSmn.Text)))
    {
        whereCondition = whereCondition + "SMN = " + txtSmn.Text + " AND ";
    }
    if (!String.IsNullOrEmpty(whereCondition))
    {
        // 1: cut the last 5 chars (" AND ")
        whereCondition = whereCondition.Substring(0, whereCondition.Length - 5);
        // 2: add " WHERE " at the beginning, 3: append whereCondition to your SQL
        condition = condition + " WHERE " + whereCondition;
    }
    return condition;
}
But: your code is vulnerable to SQL injection, so change it to use SQL parameters (Google)