用'LIKE'构造select语句的问题 [英] Problem constructing the select statement with 'LIKE'
本文介绍了用'LIKE'构造select语句的问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
获取报价的问题
请协助。
SqlCommand SqlCmd = new SqlCommand( @ 从Loanmaster中选择*其中
Id_Code LIKE % + txt_Search.Text +% +或
客户LIKE% + txt_Search.Text +% +或
Apprs_No LIKE% + txt_Search.Text +% ,sqlCon);
谢谢
解决方案
你可以尝试如下
SqlCommand SqlCmd = new SqlCommand( 从Loanmaster中选择*,其中 +
Id_Code LIKE'% + txt_Search.Text + %'或 +
客户LIKE'% + txt_Search.Text + %'或 +
Apprs_No LIKE'% + txt_Search.Text + %',sqlCon);
但这不安全。使用参数化的sql语句,它是安全的,你不需要担心引号。
SqlCommand SqlCmd = new SqlCommand( @ 从Loanmaster中选择*其中
Id_Code LIKE @searchkey或
客户LIKE @searchkey或
Apprs_No LIKE @searchkey,sqlCon );
SqlCmd.Parameters.AddWithValue( @ searchkey, % + txt_Search.Text + %);
Problem getting the quotes right
Please assist .
SqlCommand SqlCmd = new SqlCommand(@"Select * from Loanmaster where
Id_Code LIKE "%"+ txt_Search.Text+"%"+ or
Customer LIKE "%"+ txt_Search.Text+"%"+ or
Apprs_No LIKE "%"+ txt_Search.Text+"%", sqlCon);
Thanks
解决方案
you can try like below
SqlCommand SqlCmd = new SqlCommand("Select * from Loanmaster where "+ "Id_Code LIKE '%"+ txt_Search.Text+ "%' or "+ "Customer LIKE '%"+ txt_Search.Text+"%' or "+ "Apprs_No LIKE '%"+ txt_Search.Text+ "%'", sqlCon);
But that is not secure. Use Parameterized sql statement, it is safe and you don't need to worry about quotes.
SqlCommand SqlCmd = new SqlCommand(@"Select * from Loanmaster where Id_Code LIKE @searchkey or Customer LIKE @searchkey or Apprs_No LIKE @searchkey " , sqlCon); SqlCmd.Parameters.AddWithValue("@searchkey", "%" + txt_Search.Text + "%");
这篇关于用'LIKE'构造select语句的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
