Filtering data from the DB using a DateTimePicker

Time: 2015-06-08 18:19:22

Tags: c# .net tsql

I have two columns, date_of_delivery and date_of_receipt. I want to filter my data

    using System;
    using System.Data;
    using System.Data.SqlClient;
    using System.Windows.Forms;

    // SqlConn is an open SqlConnection field of the form (not shown in the question)
    private void button25_Click(object sender, EventArgs e)
    {
        DataSet ds = new DataSet();
        if (radioButton9.Checked)
        {
            // Filter by date range: only proceed when start date <= end date
            if (dateTimePicker3.Value <= dateTimePicker4.Value)
            {
                try
                {
                    // The dates are concatenated into the SQL text as strings, so they are
                    // formatted with the current culture (e.g. 01.02.2015) before SQL Server sees them
                    string query = "SELECT work_id, surname, first_name, patronymic, type_of_service.name_type_of_service, date_of_receipt, date_of_delivery, car_model.name_model, price_for_work FROM mechanic INNER JOIN work ON work.mechanic_id = mechanic.mechanic_id INNER JOIN type_of_service ON work.type_of_service_id = type_of_service.type_of_service_id INNER JOIN car ON work.car_id = car.car_id INNER JOIN car_model ON car.car_model_id = car_model.car_model_id WHERE work.date_of_receipt >= '" + Convert.ToDateTime(dateTimePicker3.Value) + "' AND  work.date_of_delivery <= '" + Convert.ToDateTime(dateTimePicker4.Value) + "'";
                    MessageBox.Show(query);
                    SqlDataAdapter da = new SqlDataAdapter(query, SqlConn);
                    // The query text is reused as the DataTable name inside the DataSet
                    da.Fill(ds, query);
                    dataGridView2.DataSource = ds.Tables[query];
                }
                catch (Exception e2)
                {
                    MessageBox.Show(e2.Message);
                }
            }
            else
            {
                MessageBox.Show("Дата начала ремонта не может быть позже его завершения ");
            }
        }
        else if (radioButton10.Checked)
        {
            // Filter by price range; Convert.ToInt32 throws if the text boxes are not numeric
            string query = "SELECT work_id, surname, first_name, patronymic, type_of_service.name_type_of_service, date_of_receipt, date_of_delivery, car_model.name_model, price_for_work FROM mechanic INNER JOIN work ON work.mechanic_id = mechanic.mechanic_id INNER JOIN type_of_service ON work.type_of_service_id = type_of_service.type_of_service_id INNER JOIN car ON work.car_id = car.car_id INNER JOIN car_model ON car.car_model_id = car_model.car_model_id WHERE work.price_for_work BETWEEN " + Convert.ToInt32(textBox16.Text) + " AND " + Convert.ToInt32(textBox17.Text);
            MessageBox.Show(query);
            SqlDataAdapter da = new SqlDataAdapter(query, SqlConn);
            da.Fill(ds, query);
            dataGridView2.DataSource = ds.Tables[query];
        }
    }

But the data is not sorted, because the date format in the database is 01.02.2015. How can I make sure that everything works correctly?

2 answers:

Answer 0: (score: 0)

As I wrote in my comment, date types do not have a format.

You are sending the database a string that represents the date value (since there is an implicit conversion from date to string when concatenating to the SQL string, the default .ToString() of the DateTime object is called).

When using strings as date values in SQL, it is best to use the ANSI SQL format yyyy-MM-dd. This format guarantees that SQL Server will interpret the string as the correct date.

However, concatenating strings to create SQL statements is a security risk, since it is an opening for SQL injection attacks.

The correct way is to use parameterized queries or stored procedures.

Replace the WHERE clause of your query from this:

    WHERE work.date_of_receipt >= '" + Convert.ToDateTime(dateTimePicker3.Value) +
    "' AND  work.date_of_delivery <= '" + Convert.ToDateTime(dateTimePicker4.Value) + "'"

to this:

    WHERE work.date_of_receipt >= @date_of_receipt
    AND  work.date_of_delivery <= @date_of_delivery

and then add the parameter values using the Parameters collection of the SqlDataAdapter's SelectCommand:

    SqlDataAdapter da = new SqlDataAdapter(query, SqlConn);
    da.SelectCommand.Parameters.Add("@date_of_receipt", SqlDbType.Date).Value = dateTimePicker3.Value;
    da.SelectCommand.Parameters.Add("@date_of_delivery", SqlDbType.Date).Value = dateTimePicker4.Value;

(Note that the Add call returns a reference to the SqlParameter you just added, so you can write .Value to set the parameter value while adding the parameter to the SelectCommand.)

Note that the .Value of the DateTimePicker is already of type DateTime, so there is no need to use Convert.ToDateTime when adding it.

Do the same for all the other queries (and of course, don't forget to use the correct data types for the parameters).
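The question's handler rewritten along the lines of this answer, as an added example that is not code from the question or the answers: both radio-button branches use typed parameters instead of string concatenation. It assumes the question's control names and an open SqlConnection field named SqlConn, and sits inside the same Form class.

```csharp
// Added example (not from the question or the answers). Assumes the question's controls and
// an open SqlConnection field SqlConn, inside the same Form class.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

private const string BaseSelect =
    "SELECT work_id, surname, first_name, patronymic, type_of_service.name_type_of_service, " +
    "date_of_receipt, date_of_delivery, car_model.name_model, price_for_work " +
    "FROM mechanic INNER JOIN work ON work.mechanic_id = mechanic.mechanic_id " +
    "INNER JOIN type_of_service ON work.type_of_service_id = type_of_service.type_of_service_id " +
    "INNER JOIN car ON work.car_id = car.car_id " +
    "INNER JOIN car_model ON car.car_model_id = car_model.car_model_id ";

private void button25_Click(object sender, EventArgs e)
{
    using (var cmd = new SqlCommand { Connection = SqlConn })
    {
        if (radioButton9.Checked)
        {
            // .Value is already a DateTime: no Convert.ToDateTime and no culture-dependent ToString()
            DateTime start = dateTimePicker3.Value.Date, end = dateTimePicker4.Value.Date;
            if (start > end) { MessageBox.Show("Repair start date cannot be later than its completion"); return; }
            cmd.CommandText = BaseSelect +
                "WHERE work.date_of_receipt >= @date_of_receipt AND work.date_of_delivery <= @date_of_delivery";
            // Typed parameters travel outside the SQL text: the server receives DATE values instead of
            // parsing a string like 01.02.2015, and user input can never change the statement itself
            cmd.Parameters.Add("@date_of_receipt", SqlDbType.Date).Value = start;
            cmd.Parameters.Add("@date_of_delivery", SqlDbType.Date).Value = end;
        }
        else if (radioButton10.Checked)
        {
            // Validate the bounds instead of Convert.ToInt32, which throws on non-numeric text
            int minPrice, maxPrice;
            if (!int.TryParse(textBox16.Text, out minPrice) || !int.TryParse(textBox17.Text, out maxPrice))
            { MessageBox.Show("Price bounds must be whole numbers"); return; }
            cmd.CommandText = BaseSelect + "WHERE work.price_for_work BETWEEN @min_price AND @max_price";
            cmd.Parameters.Add("@min_price", SqlDbType.Int).Value = minPrice;
            cmd.Parameters.Add("@max_price", SqlDbType.Int).Value = maxPrice;
        }
        else return;

        var table = new DataTable();
        using (var da = new SqlDataAdapter(cmd)) da.Fill(table); // Fill opens and closes the connection as needed
        dataGridView2.DataSource = table;
    }
}
```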

Answer 1: (score: -1)

    // Parse the text boxes as dates, then format them back to strings in dd.MM.yyyy form
    System.DateTime dt16 = System.DateTime.Parse(textBox16.Text);
    string sTextBox16 = dt16.ToString("dd.MM.yyyy");

    System.DateTime dt17 = System.DateTime.Parse(textBox17.Text);
    string sTextBox17 = dt17.ToString("dd.MM.yyyy");

    // "Required Columns" stands in for the column list and FROM clause of the original query
    string query = "SELECT Required Columns WHERE work.date_of_receipt >= '" + sTextBox16 + "' AND work.date_of_delivery <= '" + sTextBox17 + "'";