如何在Asp.net C#中使用StrinBuilder搜索2个值 [英] How to search by 2 Values by using StrinBuilder in Asp.net C#
本文介绍了如何在Asp.net C#中使用StrinBuilder搜索2个值的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的按钮点击代码是
my button Click Code is
protected void butSearch_Click(object sender, EventArgs e)
{
blError.Items.Clear();
StringBuilder sb = new StringBuilder();
StringBuilder rb = new StringBuilder();
string s = string.Empty;
rb.Append(" WHERE ");
if (txtNo.Text.Trim() != string.Empty)
{
rb.AppendFormat("SL_NO like '{0}%'", txtNo.Text.Trim());
}
if (txtName.Text.Trim() != string.Empty)
{
rb.AppendFormat("CUSTOMERNAME like '{0}%' ", txtName.Text.Trim());
}
if (txtCompany.Text.Trim() != string.Empty)
{
rb.AppendFormat("COMPNAME like '{0}%' ", txtCompany.Text.Trim());
}
if (txtNo.Text.Trim() != string.Empty && txtName.Text.Trim() != string.Empty)
{
blError.Items.Add("Please Search any One Item");//this s writtened due to error
//rb.AppendFormat(" AND ");
if (blError.Items.Count > 0)
return;
}
if ((txtNo.Text.Trim() != string.Empty && txtName.Text.Trim() != string.Empty && txtCompany.Text.Trim() != string.Empty) ||
(txtName.Text.Trim() != string.Empty && txtCompany.Text.Trim() != string.Empty) ||
(txtName.Text.Trim() == string.Empty && txtNo.Text.Trim() != string.Empty && txtCompany.Text.Trim() != string.Empty))
{
blError.Items.Add("Please Search any One Item");//this s writtened due to error
if (blError.Items.Count > 0)
return;
//rb.AppendFormat(" AND ");
}
string key = string.Empty;
if (rb.ToString() != " WHERE ")
{
key = rb.ToString();//.Substring(0, rb.ToString().Length - 5);
DataTable dt = new DataTable();
dt = new Service().SearchSales(dlService.PageIndex, dlService.PageSize, key);
if (Common.HasRows(dt))
{
dlService.DataSource = dt;
dlService.DataBind();
}
else
{
blError.Items.Add("Sorry no results found");
bind();
}
}
}
推荐答案
试试这个:
Try this:
StringBuilder rb = new StringBuilder();
string s = string.Empty;
string sep = " WHERE");
if (txtNo.Text.Trim() != string.Empty)
{
rb.AppendFormat("{1} SL_NO like '{0}%'", txtNo.Text.Trim(), sep);
sep = " AND";
}
if (txtName.Text.Trim() != string.Empty)
{
rb.AppendFormat("{1} CUSTOMERNAME like '{0}%' ", txtName.Text.Trim(), sep);
sep = " AND";
}
if (txtCompany.Text.Trim() != string.Empty)
{
rb.AppendFormat("{1} COMPNAME like '{0}%' ", txtCompany.Text.Trim(), sep);
sep = " AND";
}
但是......这是一件危险的事情,因为当您通过连接字符串来构建SQL命令时,你让自己对SQL注入攻击敞开大门。你真的,真的应该使用参数化查询,如果它在现实世界附近,或者你冒着数据库损坏或破坏的风险。
But...that is a dangerous thing to do, because when you build an SQL command by concatenating strings, you leave yourself wide open to an SQL Injection attack. You really, really should do this with parameterized queries if this is going anywhere near the real world, or you run the risk of your database being damaged or destroyed.
这篇关于如何在Asp.net C#中使用StrinBuilder搜索2个值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
