如何在标准上搜索ID或名称？ [英] How to search id or name over criteria ?

问题描述

我正在尝试搜索将反映到我的DGV（DataGridView）中的数据库记录。我的DGV使用bindingsource和tableadapter在表单启动时使用条件搜索进行绑定，从而显示我想要的特定记录。



我的表（userdata）包含所有用户详细信息（学生，教师），所有这些都用数字分隔，如（Faculty = 1和Student = 2）。但我添加了一个TextBox来搜索facultyDGV它还显示了学生。



该表有一个真实的列名，带有数字1和2用于分离目的。



我怎么能摆脱这个？



我尝试过：



我的DGV加载查询是=SELECT * from [userdata] WHERE authentic = 1，工作正常并显示教师。



我的SearchTextBox查询是=SELECT *来自[userdata] WHERE名称如'％'

searchTextBox.text％'或id如'％'

searchTextBox.text％'AND authentic = 1 ，不工作和显示所有用户。



我也试过=SELECT * from [userdata] WHERE name like'％searchTextBox.text％'AND authentic = 1仅适用于名称搜索，但我想使用相同的searchtextbox搜索我想要的名称，ID和其他信息。



帮我构建此查询。



谢谢codeproject。

Well I'm trying to search database records which will be reflect into my DGV (DataGridView). My DGV is binded using bindingsource and tableadapter at form startup with criteria search which leads to show specific records i want.

My table (userdata) contains all users details (Student, Faculty) all together separated with numbers like (Faculty=1 and Student=2). But I added a TextBox to search over facultyDGV it shows also students.

The table has a column name authentic which carry the numbers 1 and 2 for separation purpose.

How can I get rid of this ?

What I have tried:

My DGV load query is = "SELECT * from [userdata] WHERE authentic=1", works fine and showing faculty.

My SearchTextBox query is = "SELECT * from [userdata] WHERE name like '%"
searchTextBox.text "%' OR id like '%"
searchTextBox.text "%' AND authentic=1", not working and showing all users.

I also tried = "SELECT * from [userdata] WHERE name like '%" searchTextBox.text "%' AND authentic=1" which works over name search only but i want to search using same searchtextbox with name, id and other information i want.

help me to build this query.

Thank you codeproject.

推荐答案

0）你是Id吗？字段*真的*一个字符串？大多数情况下，表中的Id字段是一个整数。



1）你不应该通过将字符串与这样的变量连接来形成你的查询，因为你风险sql注入。您应该在用于运行查询的 SqlCommand 对象中设置参数。即使是粗略的谷歌搜索，也有很多可以轻易发现的内容。



2）假设@authentic = 2，@ name ='Steve'; < br $>

0) Is you Id field *really* a string? Most of the time, the Id field in a table is an integer.

1) You shouldn't form your query by concatenating strings with variables like that, because you risk sql injection. You should set parameters in the SqlCommand object you use to run the query. There are many references to this that are easily discoverable with even a cursory google search.

2) Assuming @authentic = 2, and @name = 'Steve';

"SELECT * from [userdata] WHERE authentic=" + @authentic + " and name like '%" + @name + "%'"

上面的查询将为您的所有学生提供名称中某处的steve一词。



我不确定鉴于我的第一个问题，我有什么问题。

The query above will give you all students with the word "steve" somewhere in the name.

I'm not sure what Id has to do with given my first question.

这篇关于如何在标准上搜索ID或名称？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！