Getting a query to work with a parameter and "LIKE"
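I have seen a lot of questions about using parameters in SQL queries with "LIKE", but I have tried every way I have seen to code it and still can't get my query to give results. If I put a value in the query itself, it runs fine. When I run the first query listed I get the error "Must declare scalar variable "@Search"", but I thought I did that with the cmd.Parameters.AddWithValue statement. Can anyone see what I might be doing wrong? Any help is appreciated.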
//Declare the connection object
SqlConnection Conn = new SqlConnection();
Conn.ConnectionString = ConfigurationManager.ConnectionStrings["MyDatabase"].ConnectionString;

//Connect to the db
Conn.Open();

//Define query
//This query doesn't work
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%' + @Search + '%')";

//This query doesn't work either
//string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE @Search";

//This query works
//string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE 'MI'";

//Declare the Command
SqlCommand cmd = new SqlCommand(sql, Conn);

//Add the parameters needed for the SQL query
cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");

//Declare a SQL Adapter
SqlDataAdapter da = new SqlDataAdapter(sql, Conn);

//Declare a DataTable
DataTable dt = new DataTable();

//Populate the DataTable
da.Fill(dt);

//Bind the Listview
lv.DataSource = dt;
lv.DataBind();

dt.Dispose();
da.Dispose();
Conn.Close();
In the code above, you are not using the parameter in the SqlDataAdapter; in the code below, the SqlDataAdapter uses the command.
//Define query
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE @Search)";

//Declare the Command
SqlCommand cmd = new SqlCommand(sql, Conn);

//Add the parameters needed for the SQL query
cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");

//Declare a SQL Adapter and give it the command that carries the parameter
SqlDataAdapter da = new SqlDataAdapter();
da.SelectCommand = cmd;
If you don't want to use a parameterized query, this will work:
//Define query (search text concatenated directly into the SQL string)
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%" + txtSearch.Text + "%')";

//Declare a SQL Adapter
SqlDataAdapter da = new SqlDataAdapter(sql, Conn);
Your main problem is that you are not using the command you built, because of this constructor:
SqlDataAdapter da = new SqlDataAdapter(sql, Conn);
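Because of that, you are also not using the parameter, and the only query that works is the one that doesn't use any (the third one). You should use this constructor (the one that takes the SqlCommand you created):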
SqlDataAdapter da = new SqlDataAdapter(cmd);
After changing the constructor being used, either of the following queries will work:
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE @Search";
// ...
cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");
or this one:
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE '%' + @Search + '%'";
// ...
cmd.Parameters.AddWithValue("@Search", txtSearch.Text);
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%' + @Search + '%')";
cmd.Parameters.AddWithValue("@Search", txtSearch.Text);
This should work.
In addition to the accepted answer, don't forget to wrap _ and % in square brackets. Otherwise it will still give wrong results.
txtSearch.Text.Replace("_","[_]").Replace("%","[%]")
You can use a SqlDataReader instead of a SqlDataAdapter:
SqlDataReader myReader = cmd.ExecuteReader();
DataTable dt = new DataTable();
dt.Load(myReader);
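You will notice in your code that the parameter is attached to a cmd that is never actually used, so the SqlDataAdapter does not know about the parameter.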
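Putting the answers above together, as an added example that is not code from the original posts: the command that carries @Search is handed to the SqlDataAdapter, the search text is bound as data instead of being concatenated into the SQL string, and LIKE wildcards in it are escaped, including [ which the Replace chain above does not cover. The names CustomerSearch, EscapeLike, BuildSearchCommand and Search, the shortened column list and the NVarChar(50) parameter size are assumptions made for the illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class CustomerSearch   // hypothetical helper class, not from the page
{
    // Escape T-SQL LIKE metacharacters so the user's text matches literally.
    // '[' goes first; otherwise the brackets added for % and _ would be escaped again.
    public static string EscapeLike(string input)
    {
        return input.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
    }

    // Build the command; the user's text only ever travels as a parameter value.
    public static SqlCommand BuildSearchCommand(SqlConnection conn, string userText)
    {
        // Column list shortened for the example.
        const string sql =
            "SELECT CustomerID, LastName, FirstName FROM Customer WHERE State LIKE @Search";
        var cmd = new SqlCommand(sql, conn);
        // Explicit type and size instead of AddWithValue's type inference.
        // The size 50 is an assumption about the State column.
        cmd.Parameters.Add("@Search", SqlDbType.NVarChar, 50).Value =
            "%" + EscapeLike(userText) + "%";
        return cmd;
    }

    public static DataTable Search(string connectionString, string userText)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildSearchCommand(conn, userText))
        using (var da = new SqlDataAdapter(cmd))   // the adapter gets the command WITH its parameters
        {
            var dt = new DataTable();
            da.Fill(dt);   // Fill opens and closes the connection itself
            return dt;
        }
    }

    static void Main()
    {
        // Constructed inputs; no database is needed to inspect the bound values.
        foreach (var text in new[] { "MI", "100%", "a_b", "[x]", "O'Neil" })
        {
            using (var cmd = BuildSearchCommand(null, text))
                Console.WriteLine("{0,-8} -> {1}", text, cmd.Parameters["@Search"].Value);
        }
    }
}
```

Main only prints the bound parameter values for the constructed inputs; calling Search requires a real connection string and a Customer table.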