SQL语句不适用于C#数据库搜索

时间:2015-04-20 10:58:33

标签: c# sql

我试图让我的程序搜索我的数据库并将结果添加到listview控件。 listview使用以下SQL语句填充: SELECT * FROM dbo.TBL_Locations

然而,当我尝试使用where语句进行搜索并添加值时,它不会返回任何内容

String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE @SearchParameter = @SearchTerm";
SqlCommand selCmd = new SqlCommand(selStmt, conn);
selCmd.Parameters.AddWithValue("@SearchParameter", SearchParameter);
selCmd.Parameters.AddWithValue("@SearchTerm", SearchTerm);

所以SearchParameter会有例如“City”(搜索City列)而SearchTerm会有“Leeds”(在City列中搜索Leeds)

然而我认为发生的事情是它基本上是尝试将searchTerm分配给SearchParameter而不是用值替换它们?

我尝试了各种不同的地方陈述,这些陈述来自我在谷歌上发现但似乎无法让它发挥作用。

我希望我的意思是明白的。

4 个答案:

答案 0 :(得分:0)

所以你想要搜索多个列名,然后尝试这样,

        StringBuilder sb = new StringBuilder();

        sb.Append("SELECT * FROM dbo.TBL_Locations WHERE ");

        switch (SearchParameter)
        {
            case "City":
                 sb.Append(" City = @SearchTerm");
                break;

            case "Stadium":
                 sb.Append(" Stadium = @SearchTerm");
                break;
        }

        SqlCommand selCmd = new SqlCommand(sb.ToString(), conn);
        selCmd.Parameters.AddWithValue("@SearchTerm", SearchTerm);

答案 1 :(得分:0)

您可以使用如下存储过程:

CREATE PROCEDURE TBL_Locations_Select (
    @City varchar(50), -- or whatever length your actual column is
    @Stadium varchar(50) -- or whatever length your actual column is
)  
AS
SELECT *
FROM dbo.TBL_Locations
WHERE City = CASE WHEN @City IS NULL THEN City ELSE @City END
AND Stadium = CASE WHEN @Stadium IS NULL THEN Stadium ELSE @Stadium END

这是sql注入安全而且性能不差 如果您的城市或体育场是可以为空的列,您可能希望这样做有点不同:

WHERE COALESCE(City, '') = CASE WHEN @City IS NULL THEN COALESCE(City, '') ELSE @City END
AND COALESCE(Stadium, '') = CASE WHEN @Stadium IS NULL THEN COALESCE(Stadium, '') ELSE @Stadium END

然后在你的c#代码上写下这样的东西:

string City;
string Stadium;

SqlCommand selCmd = new SqlCommand("TBL_Locations_Select", conn);
selCmd.CommandType = CommandType.StoredProcedure;
selCmd.Parameters.AddWithValue("@City", (String.IsNullOrEmpty(City)) ? DBNull.Value : City ;);
selCmd.Parameters.AddWithValue("@Stadium", (String.IsNullOrEmpty(Stadium)) ? DBNull.Value : Stadium ;);

答案 2 :(得分:-1)

更改为:

String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE City = @SearchTerm";

“城市”是数据库中的列

答案 3 :(得分:-1)

试试这个

        String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE @SearchParameter = @TextBox1.Text" AND  @SearchTerm = @TextBox2.Text";
        SqlCommand selCmd = new SqlCommand(selStmt, conn);
        selCmd.Parameters.AddWithValue("@SearchParameter", SearchParameter);
        selCmd.Parameters.AddWithValue("@SearchTerm", SearchTerm);
相关问题
最新问题