我如何在数据库中搜索 [英] how do i search in database

问题描述

con.Open()
       qur = "select * from exa where NAME=" + TextBox4.ToString() + ""
       Dim cmd = New OleDbCommand
       cmd = New OleDbCommand(qur, con)
       cmd.ExecuteNonQuery()
       Dim label As New Label
       Me.Controls.Add(label)
       label.Text = qur
       con.Close()

i希望在oracle数据库中按名称搜索，只显示搜索到的名称在标签上以及在数据库中匹配的名称也显示在标签上



i想要制作一个停靠在右侧的面板，我想在我移动我的时候显示它在右边然后它必须显示它

i want to search by name in oracle database and only dispaly searched name on lable and also for matching name in database also show on label

i want ot make a panel which is docked to right and i want to show it when i move my cursor to the right then it have to show it

推荐答案

这不太可能以它当前的形式起作用，并且即使被纠正也可能不是你想要的。 />
第一件事是TextBox.ToString将始终返回相同的值：System.Windows.Forms.TextBox，Text：后跟文本框内容。你可能想要它的Text属性，而不是调用ToString方法。

要给SQL一个字符串进行比较，它需要它作为一个字符串 - 而不仅仅是文本。当你连接字符串时，这不会自动发生，你需要引号来分隔文本：

That is unlikely to work in it's current form, and probably not quite what you want even if corrected.
The first thing is that TextBox.ToString will always return the same value: "System.Windows.Forms.TextBox, Text:" followed by the textbox content. You probably want it's Text property, rather than to call the ToString method.
To give SQL a string to compare against, it wants it as a string - rather than just text. When you concatenate strings, this doesn't happen automatically, you need quotes to delimit the text:

qur = "SELECT * FROM exa WHERE NAME='" + TextBox4.Text() + "'"

会改善一些事情，但这仍然是一个坏主意 - 它会给你带来很大的风险！不要连接字符串以构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询：

Will improve things, but it's still a bad idea - it leaves you at a lot of risk! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead:

qur = "SELECT * FROM exa WHERE NAME=@NM"
Dim cmd = New OleDbCommand
cmd = New OleDbCommand(qur, con)
cmd.Parameters.AddWithValue("@NM", TextBox4.Text)
cmd.ExecuteNonQuery()

但是你呢真的可能想做的是一个不太具体的匹配：你可以使用LIKE子句进行通配符搜索：

But what you really probably want to do is a less specific match: you can use a LIKE clause to do a wildcard search:

qur = "SELECT * FROM exa WHERE NAME LIKE '%' + @NM + '%'"
Dim cmd = New OleDbCommand
cmd = New OleDbCommand(qur, con)
cmd.Parameters.AddWithValue("@NM", TextBox4.Text)
cmd.ExecuteNonQuery()

错别字，忘了单词LIKE：doh： - OriginalGriff [/ edit]

[edit]Typos, and forgot the word "LIKE" :doh: - OriginalGriff[/edit]

这篇关于我如何在数据库中搜索的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！