日期检索问题的帮助 [英] date retrieving problem help
本文介绍了日期检索问题的帮助的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
using (SqlConnection conn = new SqlConnection(conStr))
{ // Creating insert statement
string sql = string.Format(@"SELECT * FROM clientInfo where cl_id = " + txtUID.Text);
SqlCommand cmd = new SqlCommand();
cmd.Connection = conn;
cmd.CommandText = sql;
SqlDataReader dr = null;
cmd.CommandType = CommandType.Text;
conn.Open();
dr = cmd.ExecuteReader();
if (dr.Read())
{
txtFName.Text = (dr["cl_name"].ToString());
txtUNic.Text = (dr["cl_cnic"].ToString());
txtUDob.Text = (dr["cl_dob"].ToString());
txtECMNumber.Text = (dr["cl_rcphone"].ToString());
}
conn.Close();
}
当我检索日期时,它选择随机日期而不是日期表格。
when i retrieve date it select random date not the date which is an the table.
txtUDob.Text = (dr["cl_dob"].ToString());
以上代码用于日期检索
the above codes are used for date retrieving
推荐答案
首先,不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。
其次,您需要准确查看文本框中的内容以及数据库中的内容。
如果您没有指定订单并且有多个匹配WHERE条件的行,则SQL将仅返回随机数据。在这种情况下,可以自由地以任何方便的方式返回行,每次都可能不一样(通常是,但不一定是这样)。
因此,请检查返回的行数,查看数据库并开始查找返回的值。
我们不能为你做到这一点!
First off, do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Second, you need to look at exactly what is in your textbox, and what is in the DB.
SQL will only return "random data" if you don't specify an order and there are more than one row matching your WHERE condition. Under those circumstances it is at liberty to return the rows in any order it finds convenient, which may not be the same each time (normally is, but doesn't have to be).
So check how many rows are returned, look at the DB and start finding out what values it is returning.
We can't do that for you!
这篇关于日期检索问题的帮助的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
