Unable to fetch data from database
Problem description
Select query is not working when I'm trying to check 3 conditions together in where clause... The code is as follows:
    protected void Page_Load(object sender, EventArgs e)
    {
        GetResults();
    }

    private void GetResults()
    {
        SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["HousingConnectionString"].ConnectionString);
        conn.Open();
        string query;
        SqlCommand com;
        SqlDataReader reader;
        SqlDataAdapter adapter = new SqlDataAdapter();
        query = "SELECT Flat, First_Name, Middle_Name, Last_Name, Mobile_No, Email, DOB, Age, Education, Office_Add, Native_Add, PAN_Card, Aadhar_Card, Religion, Business_Job, Married_Unmarried, No_Of_Members, Joining_Date from Primary_Member where Flat='" + Request.QueryString["fnum"] + "'";
        com = new SqlCommand(query, conn);
        adapter.SelectCommand = new SqlCommand(query, conn);
        reader = com.ExecuteReader();
        GridView1.DataSource = reader;
        GridView1.DataBind();
    }
Solution
1. This is a dangerous way to code. It's exposed to SQL injection. Please use parameters instead of concatenating code. For example:

    query = "SELECT ... FROM ... WHERE Flat = @Flat";
    ...
    com.Parameters.AddWithValue("@Flat", Request.QueryString["fnum"]);

2. You are only passing in 1 condition in your WHERE clause, but you said you had a problem with 3.
3. Write your query in SQL Management Studio first and get it working there. Then you can easily put it into C#.
4. I would also recommend, instead of using the inline SQL, that you write a stored procedure and call it instead.
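
The parameterized form recommended in point 1, written out as a complete code-behind; this is an added example, not code from the original question or answer. The class name `FlatMembers`, the `NVARCHAR(20)` type for `Flat` and the 20-character input limit are assumptions, and `GridView1` is taken to be declared in the page's designer file as in the question.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

public partial class FlatMembers : Page   // hypothetical class name
{
    // The SQL text is a constant: user input never becomes part of it.
    private const string Query =
        "SELECT Flat, First_Name, Middle_Name, Last_Name, Mobile_No, Email, DOB, Age, " +
        "Education, Office_Add, Native_Add, PAN_Card, Aadhar_Card, Religion, " +
        "Business_Job, Married_Unmarried, No_Of_Members, Joining_Date " +
        "FROM Primary_Member WHERE Flat = @Flat";

    protected void Page_Load(object sender, EventArgs e)
    {
        GetResults();
    }

    private void GetResults()
    {
        string flat = Request.QueryString["fnum"];

        // Reject missing or oversized input before touching the database.
        if (string.IsNullOrWhiteSpace(flat) || flat.Length > 20)
        {
            GridView1.DataSource = null;
            GridView1.DataBind();
            return;
        }

        string cs = ConfigurationManager
            .ConnectionStrings["HousingConnectionString"].ConnectionString;

        // using blocks close the connection and command even if the query throws.
        using (var conn = new SqlConnection(cs))
        using (var com = new SqlCommand(Query, conn))
        {
            // Assumption: Flat is NVARCHAR(20). An explicit type and size avoids
            // the type inference that AddWithValue performs on the value.
            com.Parameters.Add("@Flat", SqlDbType.NVarChar, 20).Value = flat;

            conn.Open();
            using (SqlDataReader reader = com.ExecuteReader())
            {
                GridView1.DataSource = reader;
                GridView1.DataBind();   // rows are read before the reader is disposed
            }
        }
    }
}
```

Each further condition in the WHERE clause gets its own named parameter in the same way, so the query text stays fixed regardless of what the query string contains.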