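Keyword 'and'

Time: 2015-08-30 09:04:46

Tags: asp.net sql-server gridview datepicker

I am trying to filter a gridview with the help of a few checkbox lists, and it works fine. It is all real time, as I am using an update panel. Now, when I try to add one more filter, i.e. a couple of date pickers to filter the gridview according to two dates, it gives the error message "Incorrect syntax near the keyword 'and'." The whole code is as follows: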

private void BindGrid()
{
    string CS = ConfigurationManager.ConnectionStrings["SportsActiveConnectionString"].ConnectionString;
    string query = "Select * from tblAllEvents";

    string condition = string.Empty;
    string conditionDisability = string.Empty;
    string conditionDates = string.Empty;
    foreach (ListItem item in cblGender.Items)
    {
        condition += item.Selected ? string.Format("'{0}',", item.Value) : string.Empty;
    }

    if (!string.IsNullOrEmpty(condition))
    {
        condition = string.Format(" Where Gender IN ({0})", condition.Substring(0, condition.Length - 1));
    }
    else
    {
        condition = string.Format(" Where Gender IN ('Male','Female','Mixed')", condition.Substring(0,Math.Max(0,condition.Length - 1)));
    }
    foreach (ListItem item in cblDisability.Items)
    {
        conditionDisability += item.Selected ? string.Format("'{0}',", item.Value) : string.Empty;
    }
    if (!string.IsNullOrEmpty(conditionDisability))
    {
        conditionDisability = string.Format(" and Disabled IN ({0})", conditionDisability.Substring(0, conditionDisability.Length - 1));
    }
    if(txtEventStart.Text == null)
    {
        txtEventStart.Text = "01/01/1900";
    }
    if(txtEventEnd.Text == null)
    {
        txtEventEnd.Text = "01/01/2050";
    }

    conditionDates = string.Format(" and EventStart between {0} and {1}",txtEventStart.Text,txtEventEnd.Text);

    using (SqlConnection con = new SqlConnection(CS))
    {
        using (SqlCommand cmd = new SqlCommand(query + condition + conditionDisability + conditionDates))
        {
            using (SqlDataAdapter sda = new SqlDataAdapter(cmd))
            {
                cmd.Connection = con;
                using (DataTable dt = new DataTable())
                {
                    sda.Fill(dt);
                    GridView1.DataSource = dt;
                    GridView1.DataBind();
                }
            }
        }
    }
}

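Please note that the problem occurs when I include 'conditionDates' in the query. What is another way to make the query work?

Edit: As I said before, the problem is in the following code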

    if(txtEventStart.Text == null)
    {
        txtEventStart.Text = "01/01/1900";
    }
    if(txtEventEnd.Text == null)
    {
        txtEventEnd.Text = "01/01/2050";
    }

    conditionDates = string.Format(" and EventStart between {0} and {1}",txtEventStart.Text,txtEventEnd.Text);

2 answers:

Answer 0: (score: 3)

You are missing apostrophes around the values:

conditionDates = string.Format(" and EventStart between '{0}' and '{1}'", txtEventStart.Text, txtEventEnd.Text);

But note that code like this is wide open to SQL injection attacks. You should use parameters in the query:

conditionDates = " and EventStart between @EventStart and @EventEnd";

Then you add the parameters to the command object's parameter collection to supply the values for the query:

cmd.Parameters.Add("@EventStart", SqlDbType.DateTime).Value = txtEventStart.Text;
cmd.Parameters.Add("@EventEnd", SqlDbType.DateTime).Value = txtEventEnd.Text;
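
The parameterized approach from answer 0 carried through the whole query, including the two IN lists that the question still builds by concatenation; this is an added example, not code from the question or from either answer. It assumes the date pickers produce dd/MM/yyyy text and treats an empty box (an ASP.NET TextBox yields an empty string, not null) as "use the default"; `EventQuery`, `AddInList`, `ParseOrDefault` and `Build` are hypothetical names, and no database connection is needed to build the command.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
static class EventQuery
{
    // Adds one parameter per selected value; returns "@g0,@g1" for the IN list.
    static string AddInList(SqlCommand cmd, string prefix, IEnumerable<string> values)
    {
        var names = new List<string>();
        foreach (string v in values)
        {
            names.Add("@" + prefix + names.Count);
            cmd.Parameters.Add(names[names.Count - 1], SqlDbType.NVarChar, 50).Value = v;
        }
        return string.Join(",", names);
    }

    // Assumed input format dd/MM/yyyy; empty or unparsable text uses the fallback.
    static DateTime ParseOrDefault(string text, DateTime fallback)
    {
        return DateTime.TryParseExact(text, "dd/MM/yyyy", CultureInfo.InvariantCulture,
            DateTimeStyles.None, out DateTime d) ? d : fallback;
    }

    public static SqlCommand Build(IList<string> genders, IList<string> disabled, string start, string end)
    {
        var cmd = new SqlCommand();
        if (genders.Count == 0) genders = new[] { "Male", "Female", "Mixed" };
        string sql = "Select * from tblAllEvents Where Gender IN (" + AddInList(cmd, "g", genders) + ")";
        if (disabled.Count > 0)
            sql += " and Disabled IN (" + AddInList(cmd, "d", disabled) + ")";
        sql += " and EventStart between @EventStart and @EventEnd";
        cmd.Parameters.Add("@EventStart", SqlDbType.DateTime).Value = ParseOrDefault(start, new DateTime(1900, 1, 1));
        cmd.Parameters.Add("@EventEnd", SqlDbType.DateTime).Value = ParseOrDefault(end, new DateTime(2050, 1, 1));
        cmd.CommandText = sql;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: a value containing an apostrophe and an empty end date.
        SqlCommand cmd = Build(new[] { "Male", "Men's" }, new string[0], "30/08/2015", "");
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
    }
}
```

The printed command text contains only placeholder names, so the apostrophe in the sample value travels as data and cannot change the statement's syntax.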

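Answer 1: (score: 0)

You clearly have a SQL syntax error. First debug the code and get the generated query, then run it separately in SQL Server. You will be able to examine it better that way.

It is about how the SQL query is concatenated when that part is added.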