与AND运算符在SQL中一样 [英] Like With AND Operator IN SQL

问题描述

我无法从sql查询中获得相应的结果。这是我的代码： -

Hi,

I am not able to get the result accordingly from the sql query. Here is my code :-

SELECT * FROM Customer WHERE Name LIKE '%" + txtName.Text + "%' AND SubName = 'henry'"

我想得到名字匹配的人我输了但是那个人应该有 SubName =亨利。



我只得到空白记录。我不知道知道我在这条线上做错了什么



任何人都可以帮我解决这个问题

I want to get the person whose name matches which I entered but that person should have SubName = henry.

I only get blank records. I don't know where I'm doing mistake in this line

Any one can help me regarding it

推荐答案

永远不要通过用户输入获得的连接字符串构造SQL查询。这样就可以将代码打开到SQL inje ction attack。



例如，如果有人输入'; DELETE * FROM [Customers]; - 在txtName中，您将丢失所有客户信息。



更好地使用参数化查询。

Never construct a SQL query by concatenig strings obtained by user inputs. This leaves your code opened to SQL injection attacks.

For example, if someone would enter '; DELETE * FROM [Customers]; -- in txtName, you will loose all your customers informations.

Better use parameterized queries.

SELECT * FROM Customer WHERE Name LIKE '%" + @name + "%' AND SubName = 'henry'

yourCommand.Parameters.AddWithValue("@name", txtName.Text);

对于你的问题，可能有以下几个原因：

- 没有人给出名字亨利的名字。

- 有结果但是子名是错误的案例（亨利，例如）。字符串比较区分大小写。

For your issue, there can be several causes:
- nobody has subname henry with given name.
- there are results but the subname is with the wrong case (Henry, for example). String comparisons are case sensitive.

这篇关于与AND运算符在SQL中一样的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！