我已经看到很多关于在Sql查询和“喜欢”中使用参数的问题,但是我已经尝试过各种方式来编写代码但仍无法通过查询得到结果。如果我在查询本身中放置一个值,它运行正常。当我运行列出的第一个查询时,我得到错误“必须声明标量变量”@Search“但我认为我使用cmd.Parameters.AddWithValue语句做了。有人能看到我可能做错了吗?任何帮助表示赞赏
//Declare the connection object
SqlConnection Conn = new SqlConnection();
Conn.ConnectionString = ConfigurationManager.ConnectionStrings["MyDatabase"].ConnectionString;
//Connect to the db
Conn.Open();
//Define query
//This query doesn't work
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%' + @Search + '%')";
//This query doesn't work either
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE @Search";
//This query works
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE 'MI'";
//Declare the Command
SqlCommand cmd = new SqlCommand(sql, Conn);
//Add the parameters needed for the SQL query
cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");
//Declare a SQL Adapter
SqlDataAdapter da = new SqlDataAdapter(sql, Conn);
//Declare a DataTable
DataTable dt = new DataTable();
//Populate the DataTable
da.Fill(dt);
//Bind the Listview
lv.DataSource = dt;
lv.DataBind();
dt.Dispose();
da.Dispose();
Conn.Close();
答案 0 :(得分:6)
在上面的代码中,您没有使用SqlDataAdapter中的参数,在下面的代码中,您将在命令中使用SqlDataAdapter。
//This query doesn't work
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE @Search)";
//Declare the Command
SqlCommand cmd = new SqlCommand(sql, Conn);
//Add the parameters needed for the SQL query
cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");
//Declare a SQL Adapter
SqlDataAdapter da = new SqlDataAdapter();
**sa.SelectCommand = cmd**
如果您不想使用参数化查询,这将有效:
//Declare the connection object
//This query doesn't work
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%" + **txtSearch.Text** + "%')";
//Declare a SQL Adapter
SqlDataAdapter da = new SqlDataAdapter(sql, conn);
答案 1 :(得分:4)
您的主要问题是您没有使用由于此构造函数而构建的命令
SqlDataAdapter da = new SqlDataAdapter(sql, Conn);
因此您也没有使用参数,唯一有效的查询是不使用任何(第三个)的查询。您应该使用此构造函数(使用SqlCommand创建的那个)
SqlDataAdapter da = new SqlDataAdapter(cmd);
更改正在使用的构造函数后,将应用以下任一查询:
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE @Search";
...
cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");
或者这个:
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE '%' + @Search + '%'";
...
cmd.Parameters.AddWithValue("@Search", txtSearch.Text);
答案 2 :(得分:2)
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%' + @Search + '%')";
cmd.Parameters.AddWithValue("@Search",txtSearch.Text);
这应该有效
答案 3 :(得分:1)
除了接受的答案外,不要忘记用方括号替换_,%。否则它仍然会给出错误的结果。
txtSearch.Text.Replace("_","[_]").Replace("%","[%]")
答案 4 :(得分:0)
您可以使用SqlDataReader
而不是使用SqlDataAdapterSqlDataReader myReader = cmd.ExecuteReader();
DataTable dt = new DataTable();
dt.Load(myReader);
您将在代码中注意到参数已附加到实际未使用的cmd,因此SqlDataAdapter不知道该参数。