How Can I Reduce Code........


Question



Hi,
Can anyone please give an idea of how I can reduce the search code......


private void cmdsearch_Click(object sender, EventArgs e)
{
    // Every branch is identical except for the column name; each one splices the raw
    // textBox3 input straight into the SQL text.
    if (comboBox1.Text == "Name")
    {
        SqlDataAdapter adp = new SqlDataAdapter("select * from test1 where name='" + textBox3.Text + "'", conn);
        DataTable tbl = new DataTable();
        adp.Fill(tbl);
        dataGridView1.DataSource = tbl;
    }
    else if (comboBox1.Text == "ID")
    {
        SqlDataAdapter adp = new SqlDataAdapter("select * from test1 where id='" + int.Parse(textBox3.Text) + "'", conn);
        DataTable tbl = new DataTable();
        adp.Fill(tbl);
        dataGridView1.DataSource = tbl;
    }
    else if (comboBox1.Text == "Contactno")
    {
        SqlDataAdapter adp = new SqlDataAdapter("select * from test1 where contactno='" + textBox3.Text + "'", conn);
        DataTable tbl = new DataTable();
        adp.Fill(tbl);
        dataGridView1.DataSource = tbl;
    }
    else if (comboBox1.Text == "Post")
    {
        SqlDataAdapter adp = new SqlDataAdapter("select * from test1 where post='" + textBox3.Text + "'", conn);
        DataTable tbl = new DataTable();
        adp.Fill(tbl);
        dataGridView1.DataSource = tbl;
    }
}

Recommended Answers

Should be like this:

private void cmdsearch_Click(object sender, EventArgs e)
{
    SqlDataAdapter adp = new SqlDataAdapter(string.Format("select * from test1 where {0}='{1}'", comboBox1.Text, textBox3.Text), conn);
    DataTable tbl = new DataTable();
    adp.Fill(tbl);
    dataGridView1.DataSource = tbl;
}


First off, do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL injection attacks, which can destroy your entire database. Use parameterized queries instead.
Then it's pretty simple:
private void cmdsearch_Click(object sender, EventArgs e)
{
    switch (comboBox1.Text.ToLower())
    {
        case "name":
        case "id":
        case "contactno":
        case "post":
            // Only the four known column names get past the switch, so the column
            // can be spliced in; the search value itself goes in as a parameter.
            SqlDataAdapter adp = new SqlDataAdapter("SELECT * FROM test1 WHERE " + comboBox1.Text + "=@PAR", conn);
            adp.SelectCommand.Parameters.AddWithValue("@PAR", textBox3.Text);
            DataTable tbl = new DataTable();
            adp.Fill(tbl);
            dataGridView1.DataSource = tbl;
            break;
    }
}




Declare a string variable:
string sql = string.Empty;

Put the string inside the if block and assign the SQL statement there.

Move the following lines outside:

SqlDataAdapter adp = new SqlDataAdapter(sql, conn);
DataTable tbl = new DataTable();
adp.Fill(tbl);
dataGridView1.DataSource = tbl;
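Putting the second answer (one parameterized query, column name restricted to the known set) and the third answer (build the query once, run it once) together, here is an added example that is not code from the original post or from any of the answers. The text shown in comboBox1 is looked up in a fixed whitelist that maps it to a real column and a SQL type, so no user-controlled string is ever spliced into the SQL, and the search value always travels as a typed parameter. Note that a version which formats both the combo-box text and the text-box value directly into the SQL string is open to exactly the injection the second answer warns about, since both strings come from the user; the whitelist is what makes splicing the column name acceptable. The table and column names are the ones from the question; the column types, the SearchHelper class name and the handling of a non-numeric ID are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Added example (not from the original post): one parameterized search for all
// four fields, with the column chosen from a whitelist rather than from user text.
public static class SearchHelper
{
    // Whitelist: combo-box text -> (real column, SQL type).
    // Column names follow the question (table test1); the types are assumed.
    private static readonly Dictionary<string, (string Column, SqlDbType Type)> Fields =
        new Dictionary<string, (string Column, SqlDbType Type)>(StringComparer.OrdinalIgnoreCase)
        {
            ["Name"]      = ("name",      SqlDbType.NVarChar),
            ["ID"]        = ("id",        SqlDbType.Int),
            ["Contactno"] = ("contactno", SqlDbType.NVarChar),
            ["Post"]      = ("post",      SqlDbType.NVarChar),
        };

    // Builds the SELECT. Only a whitelisted column name is ever concatenated into
    // the SQL text; the search value is bound as @value with an explicit type, so
    // quotes, semicolons or comment markers in it are just data.
    public static SqlCommand BuildSearchCommand(SqlConnection conn, string field, string value)
    {
        if (!Fields.TryGetValue(field, out var f))
            throw new ArgumentException("Unknown search field: " + field, nameof(field));

        var cmd = new SqlCommand("SELECT * FROM test1 WHERE " + f.Column + " = @value", conn);
        SqlParameter p = cmd.Parameters.Add("@value", f.Type);

        if (f.Type == SqlDbType.Int)
        {
            // Reject non-numeric input up front instead of letting int.Parse throw
            // in the click handler, as the original code did.
            if (!int.TryParse(value, out int id))
                throw new FormatException("ID must be a whole number.");
            p.Value = id;
        }
        else
        {
            p.Value = value;
        }
        return cmd;
    }

    // Runs the search and returns the rows; the adapter opens and closes the
    // connection itself if it is not already open.
    public static DataTable Search(SqlConnection conn, string field, string value)
    {
        using (SqlCommand cmd = BuildSearchCommand(conn, field, value))
        using (var adp = new SqlDataAdapter(cmd))
        {
            var tbl = new DataTable();
            adp.Fill(tbl);
            return tbl;
        }
    }
}
```

With this in place the whole if/else chain in the click handler collapses to `dataGridView1.DataSource = SearchHelper.Search(conn, comboBox1.Text, textBox3.Text);`, wrapped in a try/catch for the FormatException so a bad ID shows a message instead of crashing the form. Adding a fifth searchable field is a one-line change to the whitelist, and the SQL text itself never changes shape.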

