Question

我正在做一个学生项目，现在已经在Datagridview中显示了一些数据，如下所示：

1   Beijing Potato  Beijing 123456  potato@mail.com Mr Potato   Potato              
1   Beijing Potato  Beijing 123456  potato@mail.com Mr Potato   Chips               
2   Fish Company    Qingdao 123457  fish@mail.com   Mr Fish Turtle              
4   Fruit & Stuff   Xian    234567  fruit@mail.com  Mrs Fruit   Sallad              
5   Connor Company  Jinan   345678  connor@mail.com Connor Si   Chocolate           
7   Cookies & Friends   Boras   255424  cookie@mail.com Ms Cookie   Beer                
6   Alcohol Limited Shanghai    456790  alcohol@mail.com    Mr Alcohol  Cookie              
5   Connor Company  Jinan   345678  connor@mail.com Connor Si   Flower

我的问题是我想知道是否有任何SQL注入允许我将“供应”添加到一个单元格中，这样供应商北京马铃薯只能在一行中看到，但是会有马铃薯，芯片在最后一个单元格中。

public void populateDgv()
{
    string sqlString = "SELECT s.SupplierId AS [Supplier Id], 
    s.SupplierName AS [Supplier Name], s.SupplierCity AS [Supplier.City], 
    s.SupplierPhone AS [Phonenumber], s.SupplierMail AS [E-Mail], 
    s.SupplierContactPerson AS [Contact Person], p.ProductName AS [Supply] 
    FROM Supplier s INNER JOIN Products p ON s.SupplierId=p.SupplierId;";
    DataTable dt = clsDB.fromDB(sqlString);
    dgvSupplier.DataSource = dt;
}

我的桌子：

CREATE TABLE [dbo].[Products] (
[ProductId]     INT             IDENTITY (1000, 1) NOT NULL,
[ProductName]   VARCHAR (20)    NOT NULL,
[OrderPrice]    DECIMAL (18, 2) NOT NULL,
[SellingPrice]  DECIMAL (18, 2) NOT NULL,
[CurrentStock]  INT             NULL,
[LowStockLimit] INT             DEFAULT ((15)) NOT NULL,
[OrderStatus]   BIT             DEFAULT ((0)) NULL,
[OrderQuanity]  INT             NULL,
[SupplierId]    INT             NOT NULL,
PRIMARY KEY CLUSTERED ([ProductId] ASC),
CONSTRAINT [FK_Products_Suppliers] FOREIGN KEY ([SupplierId]) REFERENCES [dbo].[Supplier] ([SupplierId]

CREATE TABLE [dbo].[Supplier] (
[SupplierId]            INT          IDENTITY (1, 1) NOT NULL,
[SupplierName]          VARCHAR (50) NOT NULL,
[SupplierCity]          VARCHAR (50) NOT NULL,
[SupplierPhone]         INT          NOT NULL,
[SupplierMail]          VARCHAR (50) NOT NULL,
[SupplierContactPerson] VARCHAR (50) NOT NULL,
PRIMARY KEY CLUSTERED ([SupplierId] ASC)

Answer 1

你为什么不使用linq，并将其作为列表取回？

this.dt.Suppliers.Include（“Products”）。Where（x =＆gt; x.YourId == Id）

（.Where（）是可选的，ofc）

Answer 2

您的“产品”表格中可能有两条“SupplierId”记录。要将其归结为一个记录，对于该供应商，您需要以某种方式从“产品”表中确定您想要的记录。

Answer 3

尝试将STUFF与FOR XML PATH结合使用：

SELECT s.SupplierId AS [Supplier Id], 
       s.SupplierName AS [Supplier Name], 
       s.SupplierCity AS [Supplier.City], 
       s.SupplierPhone AS [Phonenumber], 
       s.SupplierMail AS [E-Mail], 
       s.SupplierContactPerson AS [Contact Person], 
       STUFF((SELECT ',' + LTRIM(RTRIM(p.productName)) AS [text()]
                FROM Products p
               WHERE s.SupplierId = p.SupplierId
               FOR XML PATH('')
              ), 1, 1, '' )
            AS [Products]
  FROM Supplier s

请参阅SQL fiddle。

查看您的模型，您可以轻松地从[SupplierName]表中删除[SupplierCity]，[SupplierPhone]，[SupplierMail]，[SupplierContactPerson]和Products，因为所有这些值都存在于引用的Supplier表中。将这些值存储在多个位置会占用更多空间而没有任何优势。

Answer 4

尝试此查询：

SELECT distinct s.SupplierId AS [Supplier Id], s.SupplierName AS [Supplier Name], s.SupplierCity AS [Supplier.City], s.SupplierPhone AS [Phonenumber], s.SupplierMail AS [E-Mail], s.SupplierContactPerson AS [Contact Person], 
coalesce(select distinct productname from products p where p.SupplierId = s.SupplierId) as productlist 
FROM Supplier s

我无法测试它，因为我没有你的数据库。你可能需要调整一下。复制并粘贴到您的查询工具中，看看是否可以使其正常工作。

SQL在一个单元格中添加两行

4 个答案: