我试图让我的程序搜索我的数据库并将结果添加到listview控件。 listview使用以下SQL语句填充:
SELECT * FROM dbo.TBL_Locations
然而,当我尝试使用where语句进行搜索并添加值时,它不会返回任何内容
String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE @SearchParameter = @SearchTerm";
SqlCommand selCmd = new SqlCommand(selStmt, conn);
selCmd.Parameters.AddWithValue("@SearchParameter", SearchParameter);
selCmd.Parameters.AddWithValue("@SearchTerm", SearchTerm);
所以SearchParameter会有例如“City”(搜索City列)而SearchTerm会有“Leeds”(在City列中搜索Leeds)
然而我认为发生的事情是它基本上是尝试将searchTerm分配给SearchParameter而不是用值替换它们?
我尝试了各种不同的地方陈述,这些陈述来自我在谷歌上发现但似乎无法让它发挥作用。
我希望我的意思是明白的。
答案 0 :(得分:0)
所以你想要搜索多个列名,然后尝试这样,
StringBuilder sb = new StringBuilder();
sb.Append("SELECT * FROM dbo.TBL_Locations WHERE ");
switch (SearchParameter)
{
case "City":
sb.Append(" City = @SearchTerm");
break;
case "Stadium":
sb.Append(" Stadium = @SearchTerm");
break;
}
SqlCommand selCmd = new SqlCommand(sb.ToString(), conn);
selCmd.Parameters.AddWithValue("@SearchTerm", SearchTerm);
答案 1 :(得分:0)
您可以使用如下存储过程:
CREATE PROCEDURE TBL_Locations_Select (
@City varchar(50), -- or whatever length your actual column is
@Stadium varchar(50) -- or whatever length your actual column is
)
AS
SELECT *
FROM dbo.TBL_Locations
WHERE City = CASE WHEN @City IS NULL THEN City ELSE @City END
AND Stadium = CASE WHEN @Stadium IS NULL THEN Stadium ELSE @Stadium END
这是sql注入安全而且性能不差 如果您的城市或体育场是可以为空的列,您可能希望这样做有点不同:
WHERE COALESCE(City, '') = CASE WHEN @City IS NULL THEN COALESCE(City, '') ELSE @City END
AND COALESCE(Stadium, '') = CASE WHEN @Stadium IS NULL THEN COALESCE(Stadium, '') ELSE @Stadium END
然后在你的c#代码上写下这样的东西:
string City;
string Stadium;
SqlCommand selCmd = new SqlCommand("TBL_Locations_Select", conn);
selCmd.CommandType = CommandType.StoredProcedure;
selCmd.Parameters.AddWithValue("@City", (String.IsNullOrEmpty(City)) ? DBNull.Value : City ;);
selCmd.Parameters.AddWithValue("@Stadium", (String.IsNullOrEmpty(Stadium)) ? DBNull.Value : Stadium ;);
答案 2 :(得分:-1)
更改为:
String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE City = @SearchTerm";
“城市”是数据库中的列
答案 3 :(得分:-1)
试试这个
String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE @SearchParameter = @TextBox1.Text" AND @SearchTerm = @TextBox2.Text";
SqlCommand selCmd = new SqlCommand(selStmt, conn);
selCmd.Parameters.AddWithValue("@SearchParameter", SearchParameter);
selCmd.Parameters.AddWithValue("@SearchTerm", SearchTerm);