如何从文本框中获取值到sql查询? [英] How do I get a value from a textbox into a sql query?
问题描述
嗨。
我对SQL语句有疑问。
我有MonthCalendar我选择日期。然后日期显示在一个文本框中。
在表单上我也有一个datagridview。
我尝试了很多不同的转换器。
DateTime condition = Convert.ToDateTime(textBox1.Text);
sda = new SqlDataAdapter( SELECT * FROM tbl_Tidrapport WHERE Datum LIKE + condition + ,cn);
dt = new DataTable();
sda.Fill(dt);
dataGridView1.DataSource = dt;
总是收到错误。
请帮忙...... 。
如何在SQL查询中获取日期?
LIKE不起作用,它适用于字符串:和机会它是不匹配的,因为Datum值与微秒不完全匹配 - 这是等式检查所期望的。
所以试试这个:
< pre lang =c#> DateTime condition = Convert.ToDateTime(textBox1.Text).Date;
sda = new SqlDataAdapter( SELECT * FROM tbl_Tidrapport WHERE CONVERT(date,Datum)= @DT,cn);
sda.SelectCommand.Properties.AddWithValue( @ DT,condition);
dt = new DataTable();
sda.Fill(dt);
dataGridView1.DataSource = dt;
首先 - 不要直接插入查询。而是使用SqlParameters。这有助于避免SQL注入危险。
您的查询有第二个问题:条件将用作字段名称,因为它在查询中没有单引号。参数也可以处理。
试试这个:
DateTime condition = Convert.ToDateTime(textBox1 。文本);
dt = new DataTable();
使用(SqlCommand cmd = cn.CreateCommand())
{
cmd.CommandText = SELECT * FROM tbl_Tidrapport WHERE Datum LIKE @condition;
cmd.CommandType = CommandType.Text;
cmd.Parameters.Add( new SqlParameter( @condition,SqlDbType.DateTime){Value = condition});
使用(SqlDataAdapter sda = new SqlDataAdapter(cmd))
{
cn.Open();
sda.Fill(dt);
cn.Close();
}
}
另外,使用赞 使用日期类型并没有任何意义。我不知道你想用它做什么,但我把它留在我的解决方案中。
如果你想要喜欢问题的帮助那么让我们我在评论中知道
祝你好运:)
语法错误
搜索
请参阅此 SQL Like查询 [ ^ ]
do类似这样的事情
string condition = ;
var sda = new SqlDataAdapter( SELECT * FROM tbl_Tidrapport WHERE Datum LIKE'% + condition + %',cn);
Hi.
I have a question about SQL statement.
I have a MonthCalendar where I select a date. The date then shows up in a textbox.
On the form I also have a datagridview.
I have tried alot of diffrent converters.
DateTime condition = Convert.ToDateTime(textBox1.Text);
sda = new SqlDataAdapter("SELECT * FROM tbl_Tidrapport WHERE Datum LIKE "+ condition +"", cn);
dt = new DataTable();
sda.Fill(dt);
dataGridView1.DataSource = dt;
Always get error.
Please help....
How can I get the date in the SQL query?
LIKE won't work, it's for strings: and the chances are that it doesn't match because the Datum value doesn't exactly match to the microsecond - which is what an equality check will expect.
So try this:
DateTime condition = Convert.ToDateTime(textBox1.Text).Date; sda = new SqlDataAdapter("SELECT * FROM tbl_Tidrapport WHERE CONVERT(date, Datum) = @DT", cn); sda.SelectCommand.Properties.AddWithValue("@DT", condition); dt = new DataTable(); sda.Fill(dt); dataGridView1.DataSource = dt;
First of all - Do not insert into your query directly. Instead use SqlParameters. This helps avoid SQL Injection dangers.
Your query has a second issue: the "condition" would be used as a field name as it has no single quotes within the query. Parameters take care of that too.
Try this:
DateTime condition = Convert.ToDateTime(textBox1.Text); dt = new DataTable(); using (SqlCommand cmd = cn.CreateCommand()) { cmd.CommandText = "SELECT * FROM tbl_Tidrapport WHERE Datum LIKE @condition"; cmd.CommandType = CommandType.Text; cmd.Parameters.Add(new SqlParameter("@condition", SqlDbType.DateTime) {Value = condition}); using (SqlDataAdapter sda = new SqlDataAdapter(cmd)) { cn.Open(); sda.Fill(dt); cn.Close(); } }
Also, using "Like" with a date type doesn't really make any sense. I have no idea what you are trying to achieve with that, but I have left it in my solution.
If you want help with the "Like" issue then let me know in a comment
Good luck :)
Syntax error forLike
search
refer this SQL Like query [^]
do something like this
string condition = ""; var sda = new SqlDataAdapter("SELECT * FROM tbl_Tidrapport WHERE Datum LIKE '%" + condition + "%'", cn);
Note: Be aware of SQL Injection [^]
SQL Injection Attacks[^]
这篇关于如何从文本框中获取值到sql查询?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!