GridView search


Problem description

I have a page which has one TextBox and a GridView. The GridView has lots of rows. I will give input to the textbox and based on that it will search the records and display the particular record in the GridView.
I have already implemented the functionality, but it's working only when we give a string as input; it's not working for integers and date-time values.
Please help me find out what's wrong with the code.
Here is the code.

DataSet ds = new DataSet();
SqlConnection con = new SqlConnection(connectionstring);
string str = txttechsearch.Text;

SqlDataAdapter da = new SqlDataAdapter("select * from Support_details where  strtechname ='" + txttechsearch.Text + "' OR strtechqualification='" + txttechsearch.Text + "' OR strtechexperience='" + txttechsearch.Text + "' OR strtechlevel='" + txttechsearch.Text + "' OR strprobquery='" + txttechsearch.Text + "' OR strstatus='" + txttechsearch.Text + "' ", con);
da.Fill(ds);
gvsupport.DataSource = ds.Tables[0];
gvsupport.DataBind();

Recommended answer



Hi,

If integer or date, then in your SQL string do not use

'" + txttechsearch.Text + "'

it must be " + txttechsearch.Text + " only. Single comma is not used for
integer and date.


As soni replied, comparison will fail for int if it's wrapped in single quotation sometimes.

But above all I would suggest you use a parametrized query instead of an inline query; an inline query is easily prone to SQL injection attack.
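A parameterized version of the search from the question, as an added example that is not part of the original thread. The text columns come from the question's query; the `inttechid` and `dtcreated` columns, the parameter width and the `SupportSearch` class are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class SupportSearch
{
    // Text columns taken from the question's query; never derived from user input.
    static readonly string[] TextColumns = { "strtechname", "strtechqualification",
        "strtechexperience", "strtechlevel", "strprobquery", "strstatus" };

    // Builds a command in which the search text travels only as typed parameters.
    public static SqlCommand BuildCommand(SqlConnection con, string input)
    {
        var cmd = new SqlCommand { Connection = con };
        var predicates = new List<string>();
        foreach (string col in TextColumns)
            predicates.Add(col + " = @text");
        cmd.Parameters.Add("@text", SqlDbType.NVarChar, 200).Value = input ?? string.Empty; // width assumed

        // inttechid is a hypothetical INT column: compared only if the input is an integer.
        if (int.TryParse(input, out int n))
        {
            predicates.Add("inttechid = @num");
            cmd.Parameters.Add("@num", SqlDbType.Int).Value = n;
        }
        // dtcreated is a hypothetical DATETIME2 column: match the whole calendar day.
        if (DateTime.TryParse(input, out DateTime d) && d.Date < DateTime.MaxValue.Date)
        {
            predicates.Add("(dtcreated >= @dayStart AND dtcreated < @dayEnd)");
            cmd.Parameters.Add("@dayStart", SqlDbType.DateTime2).Value = d.Date;
            cmd.Parameters.Add("@dayEnd", SqlDbType.DateTime2).Value = d.Date.AddDays(1);
        }
        cmd.CommandText = "SELECT * FROM Support_details WHERE " + string.Join(" OR ", predicates);
        return cmd;
    }
    // Runs the search; the result can be bound to the GridView as in the question.
    public static DataTable Search(string connectionString, string input)
    {
        using (var con = new SqlConnection(connectionString))
        using (var cmd = BuildCommand(con, input))
        using (var da = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            da.Fill(table); // Fill opens and closes the connection itself
            return table;
        }
    }
}
```

Bind the result with `gvsupport.DataSource = SupportSearch.Search(connectionstring, txttechsearch.Text);` followed by `gvsupport.DataBind();`. Because the value is never concatenated into the SQL text, quoting rules for strings, integers and dates no longer matter and the input cannot change the query's structure.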

