窗口应用程序C#的搜索按钮

本文介绍了窗口应用程序C#的搜索按钮的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

你好！我从ms SQL服务器创建了一个用于搜索数据库的搜索按钮.

Hello! i create a search button for search database from ms SQL server.

SqlConnection con = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=C:\\Documents and Settings\\meekun.poon\\My Documents\\Visual Studio 2008\\Projects\\TrackLocation\\TrackLocation\\barcodePrinter.mdf;Integrated Security=True;User Instance=True"); DataTable dt = new DataTable(); SqlDataAdapter SDA = new SqlDataAdapter("SELECT SerialNo,IT_Tag,PrinterID,Product,Model,Department,Location FROM [BarCodePrinter]WHERE BarCodePrinter.SerialNo= ''" +( textBox1.Text), con); SDA.Fill(dt); SDA.ToString(); dataGridView1.DataSource = dt;

**以上是代码的一部分... 但是当单击搜索按钮时，没有数据显示. 有人可以告诉我问题和解决方法吗? 谢谢

**above is part of code... But when click the search button, there are not data display. Can someone one tell me the problem and solution? thanks

推荐答案

因为您输入的SELECT语句错误:引号放在错误的位置: Because you got the SELECT statement wrong: the quotes are in the wrong place: SqlDataAdapter SDA = new SqlDataAdapter("SELECT SerialNo,IT_Tag,PrinterID,Product,Model,Department,Location FROM [BarCodePrinter]WHERE BarCodePrinter.SerialNo= ''" +( textBox1.Text), con);

成为

SqlDataAdapter SDA = new SqlDataAdapter("SELECT SerialNo,IT_Tag,PrinterID,Product,Model,Department,Location FROM [BarCodePrinter]WHERE BarCodePrinter.SerialNo= '" + textBox1.Text + "'", con);

但是不要那样做！不要连接字符串以构建SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门，这可能会破坏整个数据库.请改用参数化查询.

But don''t do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

SqlDataAdapter SDA = new SqlDataAdapter("SELECT SerialNo,IT_Tag,PrinterID,Product,Model,Department,Location FROM [BarCodePrinter]WHERE BarCodePrinter.SerialNo=@SN", con); SDA.SelectCommand.Parameters.AddWithValue("@SN", textBox1.Text);

谢谢....datagridview可以基于文本框显示数据... Thanks....the datagridview can display data based on the textBox...