本文介绍了窗口应用程序C#的搜索按钮的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
你好!我从ms SQL服务器创建了一个用于搜索数据库的搜索按钮.
Hello! i create a search button for search database from ms SQL server.
SqlConnection con = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=C:\\Documents and Settings\\meekun.poon\\My Documents\\Visual Studio 2008\\Projects\\TrackLocation\\TrackLocation\\barcodePrinter.mdf;Integrated Security=True;User Instance=True"); DataTable dt = new DataTable(); SqlDataAdapter SDA = new SqlDataAdapter("SELECT SerialNo,IT_Tag,PrinterID,Product,Model,Department,Location FROM [BarCodePrinter]WHERE BarCodePrinter.SerialNo= ''" +( textBox1.Text), con); SDA.Fill(dt); SDA.ToString(); dataGridView1.DataSource = dt;**以上是代码的一部分... 但是当单击搜索按钮时,没有数据显示. 有人可以告诉我问题和解决方法吗? 谢谢
**above is part of code... But when click the search button, there are not data display. Can someone one tell me the problem and solution? thanks
推荐答案因为您输入的SELECT语句错误:引号放在错误的位置: Because you got the SELECT statement wrong: the quotes are in the wrong place: SqlDataAdapter SDA = new SqlDataAdapter("SELECT SerialNo,IT_Tag,PrinterID,Product,Model,Department,Location FROM [BarCodePrinter]WHERE BarCodePrinter.SerialNo= ''" +( textBox1.Text), con);
成为
SqlDataAdapter SDA = new SqlDataAdapter("SELECT SerialNo,IT_Tag,PrinterID,Product,Model,Department,Location FROM [BarCodePrinter]WHERE BarCodePrinter.SerialNo= '" + textBox1.Text + "'", con);但是不要那样做!不要连接字符串以构建SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门,这可能会破坏整个数据库.请改用参数化查询.
But don''t do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
SqlDataAdapter SDA = new SqlDataAdapter("SELECT SerialNo,IT_Tag,PrinterID,Product,Model,Department,Location FROM [BarCodePrinter]WHERE BarCodePrinter.SerialNo=@SN", con); SDA.SelectCommand.Parameters.AddWithValue("@SN", textBox1.Text);
谢谢....datagridview可以基于文本框显示数据... Thanks....the datagridview can display data based on the textBox...
更多推荐
窗口应用程序C#的搜索按钮
发布评论