Db names
Click on this Image to see search functionality
以下代码用于搜索功能请帮我完成它并建议选择查询[string sqlSelect =“”;]我应该放在这里完成我的搜索如果你们有任何想法请与我分享我真的需要帮助提前感谢..
protected void btn_search_Click(object sender, EventArgs e)
{
string status = dd_status.SelectedValue.Trim();
string address = pacinput.Text.Trim();
string prop_type = string.Empty;
foreach (ListItem item in DropDownCheckBoxes1.Items)
{
if (item.Selected)
{
prop_type += item.Value + ",";
}
}
string type = prop_type.Trim();
string minbed = dd_minbed.SelectedValue.Trim();
string maxbed = dd_maxbed.SelectedValue.Trim();
string minprice = dd_minprice.SelectedValue.Trim();
string maxprice = dd_maxprice.SelectedValue.Trim();
string sqlSelect = "";
SqlCommand cmd = new SqlCommand(sqlSelect, con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
Session["dt"] = dt;
Response.Redirect("property_list.aspx");
}
答案 0 :(得分:0)
如评论中所述,请始终使用参数化查询来阻止SQL注入。来到你的实际问题,你应该从一个查询字符串开始,它给你整个结果集。此外,根据用户输入,不断添加过滤器并扩展您的查询:
var sql = new StringBuilder();
//This will select all records from your table
sql.Append("SELECT FROM YOUR TABLE WHERE 1=1");
// Check your conditions here
if (dd_status.SelectedValue != null) //Or some other condition
sql.Append(" AND STATUS = @status");
// ... and so on for each filter
//Finally with your sql command add necessary parameters
using (SqlCommand cmd = new SqlCommand(sql.ToString(), conn))
{
if (dd_status.SelectedValue != null)
cmd.Parameters.AddWithValue("@status", dd_status.SelectedValue);
// ... and so on for each filter
}