This Code I Make For Searching But Not Working How Can I Make It Work?


Question

Imports System.Data.SqlClient

' conn and constr are page-level fields in the asker's code (declared outside
' this handler); they are shown here so the snippet is complete.
Private conn As New SqlConnection()
Private constr As String

Protected Sub Button8_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Button8.Click
    ' Hide all ten paging links; the ladder below re-enables some of them.
    lnk1.Visible = False
    lnk2.Visible = False
    lnk3.Visible = False
    lnk4.Visible = False
    lnk5.Visible = False
    lnk6.Visible = False
    lnk7.Visible = False
    lnk8.Visible = False
    lnk9.Visible = False
    lnk10.Visible = False

    constr = "Data Source=.\SQLEXPRESS;AttachDbFilename=D:\trust bazar\trust bazar\App_Data\Database1.mdf;Integrated Security=True;User Instance=True"
    conn.ConnectionString = constr
    conn.Open()
    ' The WHERE clause is built by concatenating raw textbox input; the answers
    ' below point out that this is open to SQL injection. Left as posted, apart
    ' from the missing space before "or dist" in the original.
    Dim sql As String = "select count(id) from tuli where cata='" & TextBox1.Text & "' or price ='" & TextBox2.Text & "' or dist = '" & TextBox3.Text & "'"
    Dim comm As New SqlCommand(sql, conn)
    Dim dr As SqlDataReader = comm.ExecuteReader()
    If dr.Read() Then

        If dr.Item(0) <= 5 Then
            lnk1.Visible = True
        ElseIf dr.Item(0) <= 10 Then
            lnk1.Visible = True
            lnk2.Visible = True
        ElseIf dr.Item(0) <= 15 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
        ElseIf dr.Item(0) <= 20 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
        ElseIf dr.Item(0) <= 25 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
        ElseIf dr.Item(0) <= 30 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
            lnk6.Visible = True
        ElseIf dr.Item(0) <= 35 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
            lnk6.Visible = True
            lnk7.Visible = True
        ElseIf dr.Item(0) <= 40 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
            lnk6.Visible = True
            lnk7.Visible = True
            lnk8.Visible = True
        ElseIf dr.Item(0) <= 45 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
            lnk6.Visible = True
            lnk7.Visible = True
            lnk8.Visible = True
            lnk9.Visible = True
        ElseIf dr.Item(0) <= 50 Then
            lnk1.Visible = True
            lnk2.Visible = True
            lnk3.Visible = True
            lnk4.Visible = True
            lnk5.Visible = True
            lnk6.Visible = True
            lnk7.Visible = True
            lnk8.Visible = True
            lnk9.Visible = True
            lnk10.Visible = True
        End If
    End If
    dr.Close()
    conn.Close()
    Panel1.Visible = False
    Panel2.Visible = False
    Panel3.Visible = False
    Panel4.Visible = False
    Panel5.Visible = False
    ' data() is another method of the page that the question did not include.
    data(Session("line"))
End Sub

Answers

Solution 1:

Code found by searching and copy/pasted is never guaranteed to be 100% (or at all) working. This code is (at least to me) unclear... It contains only the code to check the database (if it exists!) and then show or hide a few links and so on.

We also cannot help you make the program work. Even if we do something, we can only do something to make it compile. Logical or run-time errors must be removed by you. Also, the authors of such blog posts do leave a section for you to post comments or other questions about the article, code or something else (on-topic). So you can use their forum to discuss how to make this code workable.


Solution 2:

Your code leaves you open to SQL injection; use parameterised queries. It looks like your price is being stored as a string; if so, don't do that, store it as an appropriate numeric format. Giving your controls generic names like "lnk1" means it's impossible to properly understand the code.

All those issues aside, your code is doing an exact match, so the cata field needs to match what is in TextBox1 exactly. If you're looking to do a wildcard search you need

where cata like '%searchtexthere%'

Other than that, we don't know your data or schema, what you're putting in your textboxes, or whether you're getting any errors; you don't seem to have told us any steps you've taken to debug what is going on, so it's hard to offer any particularly specific advice.


Solution 3:

In addition to Solution 2:

Your approach is wrong from the very beginning. The query is composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why that makes repeated concatenation bad?), but there is a far more important issue: it opens the door to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including... a fragment of SQL code.

What to do? Just read about this problem and the main remedy, parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();
hi name is not displaying in name?

And please see my comment on the question. This code shows that you are not yet ready for UI and database development. I would advise getting general programming experience and understanding, and doing some simple exercises on console-only projects.

—SA
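Both answers above prescribe parameterised statements, and Solution 2 adds a LIKE-based wildcard search, so here is the whole pattern run end to end against the same count query. This is an added example, not code from the question or from either answer: it is Python using the standard sqlite3 module as a stand-in for the SQL Server database (the ADO.NET equivalent is a SqlCommand with SqlParameter objects named @cata, @price and @dist). The table name and column names come from the posted query; the sample rows, the escape_like helper and the links_to_show helper are constructed for this example.

```python
import sqlite3

# Constructed sample data standing in for the "tuli" table in the question
# (column names from the posted query; the rows are invented for this example).
ROWS = [
    ("books", "10", "north"),
    ("books", "25", "south"),
    ("toys", "10", "east"),
    ("tools", "99", "west"),
]


def make_db():
    """In-memory SQLite database with the three columns the query filters on."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table tuli (id integer primary key, cata text, price text, dist text)"
    )
    conn.executemany("insert into tuli (cata, price, dist) values (?, ?, ?)", ROWS)
    return conn


def count_concatenated(conn, cata, price, dist):
    """The question's query, built by string concatenation (vulnerable).

    Whatever the user types becomes part of the SQL text, so a quote in the
    input closes the literal and the rest is parsed as SQL.
    """
    sql = ("select count(id) from tuli where cata='" + cata +
           "' or price ='" + price + "' or dist = '" + dist + "'")
    return conn.execute(sql).fetchone()[0]


def count_parameterised(conn, cata, price, dist):
    """Same query with placeholders: the values are bound as data, never parsed."""
    sql = "select count(id) from tuli where cata = ? or price = ? or dist = ?"
    return conn.execute(sql, (cata, price, dist)).fetchone()[0]


def escape_like(term, esc="\\"):
    """Escape the LIKE metacharacters so a user-typed % or _ matches literally."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def count_wildcard(conn, cata_fragment):
    """Solution 2's substring search, still parameterised.

    The %...% wrapping is applied to the bound value, not spliced into the
    SQL text, and the ESCAPE clause makes the escaping in escape_like effective.
    """
    sql = "select count(id) from tuli where cata like ? escape '\\'"
    pattern = "%" + escape_like(cata_fragment) + "%"
    return conn.execute(sql, (pattern,)).fetchone()[0]


def links_to_show(count, per_page=5, max_links=10):
    """Paging links for a result count: one per 5 rows, capped at 10 links.

    Constructed replacement for the ElseIf ladder in the question; unlike the
    ladder it shows no link for 0 rows and all 10 links for more than 50 rows.
    """
    return min(max_links, -(-count // per_page))  # ceiling division


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"  # closes the literal, makes the predicate always true
    print("concatenated, honest input:", count_concatenated(db, "books", "", ""))
    print("concatenated, payload     :", count_concatenated(db, payload, "", ""))
    print("parameterised, payload    :", count_parameterised(db, payload, "", ""))
    print("wildcard 'oo'             :", count_wildcard(db, "oo"))
    print("wildcard '%'              :", count_wildcard(db, "%"))
    print("links for 23 rows         :", links_to_show(23))
```

Running it shows the concatenated query returning the whole table for the input `' or 1=1 --`, while the parameterised version treats the same text as a literal and matches nothing. The wildcard search escapes `%` and `_` inside the bound value, so a typed `%` does not silently become a match-everything pattern.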

