Question

protected void Button1_Click(object sender, EventArgs e) 
{
    SqlConnection myConnection = new SqlConnection("Data Source=DELL-PC\\SQLEXPRESS;Initial Catalog=eclass;Persist Security Info=True;integrated security = true");
    myConnection.Open();
    string key = txtsearchkey.Text.ToString();

    SqlCommand q1 = new SqlCommand("select cat_id from category where cat_name='" + (ddsearchcat.SelectedItem.ToString() + "'"), myConnection);
    string cat = q1.ExecuteScalar().ToString();

    SqlCommand q2 = new SqlCommand("select subcat_id from subcategory where subcat_name= '" + (ddsearchsubcat.SelectedItem.ToString() + "'"), myConnection);
    string subcat = q2.ExecuteScalar().ToString();

    SqlCommand q3 = new SqlCommand("select adid from adType where adtype= '" + (ddsearchtype.SelectedItem.ToString()) + "'", myConnection);
    string adtype = q3.ExecuteScalar().ToString();

    String date = ddsearchdays.SelectedItem.ToString();

    if (chkAdimg.Checked)
    {
        if (chkAdVideo.Checked)
        {
            SqlCommand query = new SqlCommand("select title,ad_description from postad where ad_description like " + txtsearchkey + " and category_id=" + cat + " and subcategory_id=" + subcat + " and ad_id=" + adtype + " and video is not null and img_id is not null and adType INNER JOIN adType AS adType_1 ON adType.adid = adType_1.adid CROSS JOIN  category CROSS JOIN  subcategory CROSS JOIN userdetails", myConnection);           

            DataSet ds = new DataSet();
            SqlDataAdapter ad = new SqlDataAdapter(query);
            ad.Fill(ds);
            foreach (DataRow dr in ds.Tables[0].Rows)
            {
                    Response.Write(dr[0].ToString());
            }
        }
    }
}

此查询给我一个问题

非布尔类型的表达式在上下文中指定的条件是预期的，靠近'INNER ...

我应该在查询中做出哪些更改

Answer 1

select title,ad_description from postad where ad_description like " + txtsearchkey + " and category_id=" + cat + " and subcategory_id=" + subcat + " and ad_id=" + adtype + " and video is not null and img_id is not null and adType INNER JOIN adType AS adType_1 ON adType.adid = adType_1.adid CROSS JOIN  category CROSS JOIN  subcategory CROSS JOIN userdetails", myConnection);

你在哪里使用内部连接后的条件？

我认为这可能是对的

select title,ad_description 
from postad 
INNER JOIN adType AS adType_1 ON adType.adid = adType_1.adid 
CROSS JOIN category 
CROSS JOIN subcategory 
CROSS JOIN userdetails 
where ad_description like " + txtsearchkey + " 
  and category_id=" + cat + " 
  and subcategory_id=" + subcat + " 
  and ad_id=" + adtype + " 
  and video is not null 
  and img_id is not null

Answer 2

我认为你在这里

...and adType INNER JOIN adType...

你的连接应该在WHERE子句之前完成，更不用说你真的应该使用值而不是纯文本的参数来避免像sql注入这样的事情，并且你可能需要％s的你想要的值喜欢上，但我离题了......

Answer 3

varchar列应该包含值的引号。例如

where ad_description like " + txtsearchkey + " and

应该是

where ad_description like '" + txtsearchkey + "' and

另外

img_id is not null and adType INNER JOIN

应该有

img_id is not null INNER JOIN

即。 adType似乎放错了地方。

这不是制作动态SQL的好方法。它不仅暴露于SQL注入，而且几乎不可能维护。

Answer 4

您的WHERE子句之后有联接，它需要在WHERE子句之前和FROM之后

select 
    title,
    ad_description 
from postad 
INNER JOIN adType AS adType_1 ON adType.adid = adType_1.adid 
CROSS JOIN  category 
CROSS JOIN  subcategory 
CROSS JOIN userdetails
where ad_description like " + txtsearchkey + " 
and category_id=" + cat + " 
and subcategory_id=" + subcat + " 
and ad_id=" + adtype + " 
and video is not null 
and img_id is not null 
and adType "

SQL查询问题

4 个答案: