SQL查询中的2个WHERE子句 [英] 2 WHERE clauses in sql query

问题描述

我在编写带有2个WHERE子句的sql查询时遇到麻烦.这是我当前的查询，

I am having trouble writing an sql query with 2 WHERE clauses. This is my current query,

("SELECT * FROM Sales WHERE CD/DVD = ''" + typeDisc + "'' and SaleDate LIKE ''" + Date + "''%");

经过几次Google搜索，我发现在两个"WHERE"子句之间插入"and"后，它应该返回我的结果.

任何帮助/示例都将不胜感激.

After a few google searches, I found that after inserting ''and'' between the two ''WHERE'' clauses, it should return my result.

Any help/examples would be appreciated.

推荐答案

我来看看typeDisc的值(假设它是 string >)，看看其中是否有单引号.如果是这样，您需要通过用两个单引号将其替换来对其进行转义.另一方面，如果它是一个 enum 变量，则应使用ToString()函数获取其值.接下来，查看Date.如果这是DateTime对象，则需要使用ToString()函数之一(可能带有必要的格式字符串)来获取值.

如果SalesDate是 datetime 数据类型，则可能需要通过将其转换为 date 数据类型来进行比较过滤，以忽略时间元素:

I would take a look at the value of the typeDisc (assuming it is a string) and see if there has a single quote in it. If so, you need to escape it by replacing it with two single quotes. On the other hand, if it is an enum variable, then you should use the ToString() function to get its value. Next, look at the Date. If this is a DateTime object, then you will need to use one of the ToString() functions (possibly with the necessary format string) to get the value.

If SalesDate is a datetime datatype, then you may need to do your comparison filter by converting it to a date datatype to ignore the time element:

"...AND CONVERT([date], SalesDate) = CONVERT([date], '" + Date + "')"

话虽这么说，但值得注意的是，像这样的sql查询容易受到sql注入攻击.使用参数是一种更好的方法.

Having said this, it is worth noting that sql queries like this are subject to sql injection attacks. Using parameters is a better method.

这篇关于SQL查询中的2个WHERE子句的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！