用TextBox搜索并提交按钮？ [英] search with TextBox and submit button?

问题描述

我正在制作一个搜索页面，我正在放置一个文本框并提交按钮。当用户输入文本然后在按钮上单击应该发生的是关键字应该与sql查询绑定，它应该在数据库中查找与该查询匹配的关键字。



i在sql server management studio中尝试了这个查询并且它正在工作：



来自项目WHERE的SELECT *（pcode LIKE''a％''）或（fundingagency LIKE' 'r％''）



我想要的是在两列中绑定文本框数据，就像我想要的那样



string query =select pcode，fundingagency from project where =（''pcode''喜欢TextBox1.Text）或（''fundingagency''喜欢TextBox1.Text）;

SqlDataAdapter adp = new SqlDataAdapter（query，con）;



有人可以为我格式化这个查询。 casue我得错误说多部分识别器textbox.text找不到。

解决方案

尝试

 string query =select pcode，来自项目的资金来源（pcode喜欢''+ TextBox1.Text）+''或（像'++ TextBox1.Text +'''）这样的资金来源; 

。

尝试：

  string  query =  从项目中选择pcode，fundingagency（pcode like' + TextBox1.Text +  '）或（financeagency like' + TextBox1.Text +  '）; 
 SqlDataAdapter adp =  new  SqlDataAdapter（query，con）; 

但是说真的，你根本不应该这样做！不要连接字符串来构建SQL命令。您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询：

  string  query =  选择pcode，来自项目的资金来源（像@SS这样的pcode）或（像@SS这样的资助）; 
 SqlDataAdapter adp =  new  SqlDataAdapter（query，con）; 
 adp.SelectCommand.Parameters.AddWithValue（  @ SS，TextBox1.Text）; 

这两个都假设用户已在其文本框中添加了''％''字符。

 protected void Button1_Click（object sender，EventArgs e）
 {
 string query =select pcode，pname，pi，copi，fundingagency，total from project where（pcode like''％''+ @SS +''％'' ）或（像''％''+ @SS +''％'''的资助）; 
 SqlDataAdapter adp = new SqlDataAdapter（query，con）; 
 adp.SelectCommand.Parameters.AddWithValue（@ SS，TextBox1.Text）; 
 
 DataTable dt = new DataTable（）; 
 adp.Fill（dt）; 
 GridView1.DataSource = dt; 
 GridView1.DataBind（）; 
} 

这对我有用

i am making a search page in where i am putting a textbox and submit button. when the user enters a text then on button click what should happen is that the keyword should be binded with sql query and it should look for keywords matching that query in database.

i tried this query in sql server management studio and it was working:

SELECT * from project WHERE (pcode LIKE ''a%'') OR (fundingagency LIKE ''r%'')

what i want is to bind the textbox data in both the columns like what i want is

string query = "select pcode,fundingagency from project where=" (''pcode'' like TextBox1.Text) or (''fundingagency'' like TextBox1.Text) ;
SqlDataAdapter adp = new SqlDataAdapter(query,con);

can somebody format this query for me. casue i m getting errors saying "the multi-part identifiesr "textbox.text"could not be found.

解决方案

Try

string query = "select pcode,fundingagency from project where (pcode like ''" + TextBox1.Text) + "'' or (fundingagency like ''" + TextBox1.Text + "'')" ;

.

Try:

string query = "select pcode,fundingagency from project where (pcode like '" + TextBox1.Text+ "') or (fundingagency like '" + TextBox1.Text + "')";
SqlDataAdapter adp = new SqlDataAdapter(query,con);

But seriously, you shouldn''t do it like that at all! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead:

string query = "select pcode,fundingagency from project where (pcode like @SS) or (fundingagency like @SS)";
SqlDataAdapter adp = new SqlDataAdapter(query,con);
adp.SelectCommand.Parameters.AddWithValue("@SS", TextBox1.Text);

Both of these assume that the user has added the ''%'' character to his text box.

protected void Button1_Click(object sender, EventArgs e)
    {
        string query = "select pcode, pname, pi, copi, fundingagency, total from project where (pcode like''%''+ @SS +''%'')  or (fundingagency like ''%'' + @SS + ''%'')";
        SqlDataAdapter adp = new SqlDataAdapter(query, con);
        adp.SelectCommand.Parameters.AddWithValue("@SS", TextBox1.Text);
        
       DataTable dt = new DataTable();
        adp.Fill(dt);
        GridView1.DataSource = dt;
        GridView1.DataBind();
    }

this worked for me

这篇关于用TextBox搜索并提交按钮？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！