Hi everyone, I just want to compare textbox.text with the database. Here is my code:
string str = string.Format("select Firstname,Lastname,Middlename,Extensionname from tblpatient where Firstname ='" + _FirstName.Text + "', Lastname ='" + _LastName.Text + "', Middlename ='" + _MiddleName.Text + "', Extensionname ='" + _ExtensionName.Text + "'");
Modules.Mod.SQL.ExecQuery(str);
if (_FirstName.Text == ("Firstname") || _LastName.Text == ("Lastname") || _MiddleName.Text == ("Middlename") || _ExtensionName.Text == ("Extensionname")) ;
{
MessageBox.Show("Patient Name is already used", "Page Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
_LastName.Focus();
_FirstName.Focus();
_MiddleName.Focus();
_ExtensionName.Focus();
return;
}
I get the error message, but it doesn't work. Please help.
Answer 0 (score: 0)
Change the first line to:
string str = string.Format("select Firstname,Lastname,Middlename,Extensionname from tblpatient where Firstname ='" + _FirstName.Text + "' AND Lastname ='" + _LastName.Text + "' AND Middlename ='" + _MiddleName.Text + "' AND Extensionname ='" + _ExtensionName.Text + "'");
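A comma (,) cannot be used in the where clause. Use AND or OR instead.
Side note: However, I don't recommend this approach, because it increases the risk of SQL injection. Use parameterized queries.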
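
The parameterized form of the duplicate-name check mentioned in the answer above, as an added example that is not part of the original question or answer. The `PatientLookup` class and its methods are hypothetical; it assumes an already open ADO.NET `DbConnection` whose provider accepts `@name` parameter markers, because the page does not show what `Modules.Mod.SQL.ExecQuery` accepts.

```csharp
using System;
using System.Data;
using System.Data.Common;

public static class PatientLookup
{
    // Hypothetical helper (not from the original post): returns true when a
    // row with exactly this name already exists in tblpatient.
    public static bool PatientExists(DbConnection conn, string first, string last,
                                     string middle, string extension)
    {
        using (DbCommand cmd = conn.CreateCommand())
        {
            // The SQL text is a constant; user input never becomes part of it.
            // A name such as O'Brien (constructed sample) is sent as data, so
            // its quote cannot end the string literal and alter the statement.
            cmd.CommandText =
                "SELECT COUNT(*) FROM tblpatient " +
                "WHERE Firstname = @first AND Lastname = @last " +
                "AND Middlename = @middle AND Extensionname = @ext";

            AddParam(cmd, "@first", first);
            AddParam(cmd, "@last", last);
            AddParam(cmd, "@middle", middle);
            AddParam(cmd, "@ext", extension);

            // Decide from the query result, not by comparing the text boxes
            // with the column names.
            return Convert.ToInt32(cmd.ExecuteScalar()) > 0;
        }
    }

    private static void AddParam(DbCommand cmd, string name, string value)
    {
        DbParameter p = cmd.CreateParameter();
        p.ParameterName = name;
        p.DbType = DbType.String;
        // TextBox.Text is never null, but guard against null callers anyway.
        p.Value = value ?? string.Empty;
        cmd.Parameters.Add(p);
    }
}
```

In the form, the "Patient Name is already used" message box would be shown only when `PatientLookup.PatientExists(conn, _FirstName.Text, _LastName.Text, _MiddleName.Text, _ExtensionName.Text)` returns true.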