如何编写查询以获取数据用户的个人帖子 [英] how to write query for get the data user personal posts

问题描述

这是eswar，我希望单个用户从服务器发布数据，所以我写下面的代码，但是得到更多的结果，所以PLZ帮助我。



这是我的查询plz修改此查询以获得最佳效果..谢谢你

hi this is eswar , i want single user posted data from server so i wrote below code but is get more results so plz help me.

this is my query plz modify this query for best results..thank you

"SELECT n.newsid, n.state, n.district, n.region, n.views, n.currentplace, n.newstitle, n.description, n.poston, n.postby, (SELECT TOP 1 imagepath FROM tbl_userpost_newsimages ni WHERE nipostby='"+lbl_upname.Text+"'  and n.newsid=ni.newsid) AS imagepath FROM  tbl_userpost_news  n Order By n.poston desc"

推荐答案

1。您的SQL语句中没有WHERE子句。您在子查询中使用了一个，但您还需要在主查询中放置一个，否则您将获得所有记录。

2.切勿对参数使用这样的字符串连接。我可以使用SQL注入技术编写的代码窃取您的数据。而是使用参数化语句，如下所示：

1. You do not have a WHERE clause on your SQL statement. You are using one in the subquery but you need to also put one on the main query or else you get all records.
2. Never use string concatenation like this for parameters. I could steal your data with the code you have written using SQL injection techniques. Instead use parameterized statements, like this:

string SQL = "SELECT * FROM table1 WHERE field1 = @userName";
...
cmd.CommandText = SQL;
...
cmd.Parameters.AddWithValue("@userName", lbl_upname.Text);
...

这篇关于如何编写查询以获取数据用户的个人帖子的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！