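frmAdd f = new frmAdd();
// The original had mis-encoded quotes and a stray space in "(localdb)\ v11.0"; rebuilt as verbatim strings
// so the backslashes are literal. NOTE(review): f.databaseName ends up in a file path — if it can be typed
// by the user, validate it as a bare file name (no separators, no "..") before it reaches the connection string.
string connectionString =
    @"Server=(localdb)\v11.0;AttachDbFileName=" + Application.StartupPath +
    @"\Database\" + f.databaseName + ".mdf;Connect Timeout=30;";
SqlConnection connection = new SqlConnection(connectionString);
// Notes is not searched (it produced an error); ID is not searched here, and GroupName is matched
// with '=' rather than LIKE. The commented-out @id block was dropped: the query declares no @id parameter.
string selectCommand = "SELECT * FROM ContactsList WHERE " +
"NamePrefix LIKE @prefix AND GivenName LIKE @given AND MiddleName LIKE @middle AND FamilyName LIKE @family AND " +
"NameSuffix LIKE @suffix AND NickName LIKE @nick AND Company LIKE @company AND JobTitle LIKE @job AND " +
"MobilePhone LIKE @mobilep AND HomePhone LIKE @homep AND WorkPhone LIKE @workp AND WorkFaxPhone LIKE @workfp AND HomeFaxPhone LIKE @homefp AND " +
"PagerPhone LIKE @pagerp AND CallBackPhone LIKE @callbp AND OtherPhone LIKE @otherp AND GroupName=@group AND Relationship LIKE @relation AND " +
"StreetHome LIKE @strh AND CityHome LIKE @cityh AND StateHome LIKE @stah AND ZipCodeHome LIKE @ziph AND CountryHome LIKE @countryh AND " +
"StreetWork LIKE @strw AND CityWork LIKE @cityw AND StateWork LIKE @staw AND ZipCodeWork LIKE @zipw AND CountryWork LIKE @countryw AND " +
"StreetOther LIKE @stro AND CityOther LIKE @cityo AND StateOther LIKE @stao AND ZipCodeOther LIKE @zipo AND CountryOther LIKE @countryo AND " +
"HomeMail LIKE @homem AND WorkMail LIKE @workm AND OtherMail LIKE @otherm AND Website1 LIKE @web1 AND Website2 LIKE @web2 AND Website3 LIKE @web3 AND " +
"Facebook LIKE @face AND GooglePlus LIKE @google AND BirthdayEvent LIKE @birth AND AnniversaryEvent LIKE @anni AND OtherEvent LIKE @othere";
SqlCommand command1 = new SqlCommand(selectCommand);
command1.Connection = connection;
command1.CommandType = CommandType.Text;

// Binds one LIKE pattern parameter: "%text%" when the box holds text, "%%" (match anything) when it is blank.
// The text travels as a parameter value and is never spliced into the SQL string. Any LIKE wildcard the user
// types (%, _, [) is still interpreted as a wildcard inside the pattern; escape them if exact substring
// matching is required.
Action<string, string> addLikeParameter = (parameterName, text) =>
{
    string pattern = string.IsNullOrWhiteSpace(text) ? "%%" : "%" + text + "%";
    command1.Parameters.AddWithValue(parameterName, pattern);
};
addLikeParameter("@prefix", txtPrefix.Text);
addLikeParameter("@given", txtGiven.Text);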
... 等等
答案 0 :(得分:0)
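// The question's own note says ID is matched with '=' rather than LIKE (the column type is not shown here;
// a LIKE against a numeric column forces an implicit conversion to text). The ID is bound as @id, not
// concatenated into the SQL text.
SqlCommand command1 = new SqlCommand("SELECT * FROM ContactsList WHERE ID = @id");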
答案 1 :(得分:0)
另一种方式:
// Filter by ID only when an ID was entered; an empty box selects every row.
SqlCommand command1;
if (string.IsNullOrWhiteSpace(txtId.Text))
{
    command1 = new SqlCommand("SELECT * FROM ContactsList ");
}
else
{
    // The ID is bound as a parameter, never spliced into the SQL text.
    // NOTE(review): AddWithValue sends txtId.Text as a string; if ID is a numeric column, a typed
    // parameter (SqlDbType.Int) with a parsed value avoids the implicit conversion — column type not shown.
    command1 = new SqlCommand("SELECT * FROM ContactsList WHERE ID = @id");
    command1.Parameters.AddWithValue("@id", txtId.Text);
}
command1.Connection = connection;
command1.CommandType = CommandType.Text;
答案 2 :(得分:0)
试试这个: 它取决于表[“server”]的列[“code”]的数据类型。
如果Data-Type是Int / Numeric,那么下面的代码应该可以工作。
// INSECURE: TextBox1.Text is pasted straight into the SQL text, so whatever is typed becomes part of the
// query (SQL injection). Shown only as the counter-example to the parameterized version further down.
cmd.CommandText = "SELECT name FROM server WHERE code="+TextBox1.Text;
如果Data-Type是Varchar / Non-Numeric,请尝试如下。
// INSECURE: quoting the value does not help — a quote character in TextBox1.Text still breaks out of the
// literal and alters the query (SQL injection). Counter-example only; use the parameterized version below.
cmd.CommandText = "SELECT name FROM server WHERE code='" + TextBox1.Text + "'";
但是,我不建议您进行内联查询。而是使用参数化查询。因为普通内联查询是SQL注入的邀请。
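string sqlConnectString = "YourConnectionString";
string sqlSelect = "SELECT name FROM server WHERE code= @CodeValue";
DataTable sqlDt = new DataTable();
// Connection, command and adapter are disposed even if Fill throws; the original left all three undisposed.
using (SqlConnection sqlConnection = new SqlConnection(sqlConnectString))
using (SqlCommand sqlCommand = new SqlCommand(sqlSelect, sqlConnection))
{
    // Typed parameter: the input is bound as a value and never concatenated into the SQL text.
    sqlCommand.Parameters.Add("@CodeValue", System.Data.SqlDbType.Int);// Set SqlDbType based on your DB column Data-Type
    // NOTE(review): the text is handed to the provider as-is and converted to Int when the command runs,
    // so a non-numeric entry fails at execution time; parse it first (int.TryParse) to reject bad input up front.
    sqlCommand.Parameters["@CodeValue"].Value = TextBox1.Text;
    using (SqlDataAdapter sqlDa = new SqlDataAdapter(sqlCommand))
    {
        sqlDa.Fill(sqlDt); // the adapter opens the connection if needed and closes it again afterwards
    }
}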