To display all the emp names based on partial name given


Problem description


Hi all,
May anyone please tell me the procedure about how to get all the names from database based on partial name given in a textbox. I am using winform (C#) and search criteria is based on ID and name. But I am not able to understand how to apply AutoSuggest method to already existing winform (textbox). May anyone please describe the steps and help me out.
My query is (select * from table_name where S_ID = '" + txtSearch.Text + "' OR Fellow_name = '" + txtSearch1.Text + "'")

Recommended answer

Your approach is wrong from the very beginning. The query is composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is a way more important issue: it opens the doors to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

—SA
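
The parametrized form of the query from the question, extended to the partial-name match and the textbox suggestions the question asks about. This is an added example, not code from the original answer; it assumes SQL Server via `System.Data.SqlClient`, that `S_ID` and `Fellow_name` are text columns, and the helper names `FellowSearch`, `FindNames`, `EscapeLike` and `AttachSuggestions` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

static class FellowSearch   // hypothetical helper class, not from the original post
{
    // Escape LIKE wildcards (SQL Server bracket syntax) so typed text matches literally.
    static string EscapeLike(string s) =>
        s.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");

    // Names whose S_ID equals idText, or whose Fellow_name starts with partialName.
    public static List<string> FindNames(string connectionString, string idText, string partialName)
    {
        // Column sizes below are assumptions; match them to the real schema.
        const string sql =
            "SELECT Fellow_name FROM table_name " +
            "WHERE S_ID = @id OR Fellow_name LIKE @name";
        var names = new List<string>();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Values travel as typed parameters and are never spliced into the SQL text.
            cmd.Parameters.Add("@id", SqlDbType.NVarChar, 50).Value = idText ?? "";
            // An empty name box sends NULL, so LIKE matches nothing instead of every row.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value =
                string.IsNullOrEmpty(partialName)
                    ? (object)DBNull.Value
                    : EscapeLike(partialName) + "%";
            conn.Open();
            using (var reader = cmd.ExecuteReader())
                while (reader.Read())
                    if (!reader.IsDBNull(0))
                        names.Add(reader.GetString(0));
        }
        return names;
    }

    // Feed the results to an existing WinForms TextBox as its suggestion list.
    public static void AttachSuggestions(TextBox box, IEnumerable<string> names)
    {
        var source = new AutoCompleteStringCollection();
        source.AddRange(new List<string>(names).ToArray());
        box.AutoCompleteCustomSource = source;
        box.AutoCompleteSource = AutoCompleteSource.CustomSource;
        box.AutoCompleteMode = AutoCompleteMode.SuggestAppend;
    }
}
```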

