How to search records in C# (original title: how search record in c#)
Problem description
    ds.Clear()
    da = New SqlDataAdapter("SELECT * FROM student_info WHERE no= " & TextBox12.Text & "", DBConn)
    Try
        da.Fill(ds, "student_info")
        Bind()
    Catch ex As Exception
        Exit Sub
    End Try
pls convert this code to c#
pls pls
I think your problem is not that you cannot convert to C#. There are plenty of websites and tools that can do this for you. Try Google and you'll find plenty of websites. I prefer Developer Fusion. Actually a fellow CP'ian has written a blog post about this, especially because many people on CP ask for conversion tools. Read it here: .NET Code Conversion - Convert your code
However, and I'm sorry to break this to you, but your code is flawed on many levels.
Take your query string, you simply build it and paste some user input in it. Well, suppose this user types something like; --drop table student_info
... Or worse! Even a simple and innocent input, like "D'Artagnan" will break your query. This is called SQL injection and is very dangerous (and unfortunately very common).
So you need to parameterize your query. Luckily this is not hard. Consider the following code:
    Dim cmd As New SqlCommand("SELECT * FROM student_info WHERE no = @Number", DBConn)
    cmd.Parameters.AddWithValue("@Number", CInt(TextBox12.Text))
    da = New SqlDataAdapter(cmd)
    '...

Notice how your code becomes better readable? Your query is now protected from SQL injection and "D'Artagnan" will not break it! What's more, SQL Server's performance will increase when you use parameterized queries. It's a win win win situation!
However, this doesn't fix everything. Your TextBox12.Text is user input and thus must be validated. Perhaps the user didn't enter a valid Integer value.
So consider the following code, using Integer.TryParse:

    Dim userInput As Integer
    If Integer.TryParse(TextBox12.Text, userInput) Then
        cmd.Parameters.AddWithValue("@Number", userInput)
    Else
        ' User did not type a valid numeric value.
        ' Possibly show them a MessageBox, whatever.
    End If

So that brings us to the next point. Letting your users know if anything went wrong. You now catch an Exception and simply return like nothing happened. The user will wonder why they don't see their records... If you do NOT handle an Exception let it bubble up to the UI and at least show the user something has gone wrong there. Actually I have written an article on proper use of Try Catch blocks: Using Try... Catch..., Finally!
Another topic that article discusses is the Using block. It's about cleaning up resources, which I don't see you do.
After you're done with your SqlCommand, your SqlConnection or your SqlDataAdapter you should properly dispose of them. The rule here is that when an Object Implements IDisposable you should call Dispose once you're done.
So now look at the completely revised code:
    ' I am assuming DBConn is a class field and might be used elsewhere.
    ' I assume ds is a class field.
    Try
        ds.Clear()
        ' Put your SqlCommand in a Using block.
        ' The command needs the connection it will run on, so DBConn is passed here.
        Using cmd As New SqlCommand("SELECT * FROM student_info WHERE no = @Number", DBConn)
            ' Validate the user's input.
            Dim userInput As Integer
            If Integer.TryParse(TextBox12.Text, userInput) Then
                ' The user's input was valid.
                cmd.Parameters.AddWithValue("@Number", userInput)
                ' Put your SqlDataAdapter in a Using block.
                ' Not sure if a SqlDataAdapter automatically opens a connection, so...
                DBConn.Open()
                Using da As New SqlDataAdapter(cmd)
                    da.Fill(ds, "student_info")
                    Bind()
                End Using
            Else
                ' The user's input was invalid.
                MessageBox.Show("Please enter a valid numeric value")
            End If
        End Using
    Catch ex As Exception
        ' Perhaps log the Exception.
        MessageBox.Show(String.Format("An exception has occurred:{0}{1}", Environment.NewLine, ex.Message))
    Finally
        ' Closing a closed connection is not a problem.
        DBConn.Close()
        ' Don't dispose the DBConn yet if it is used elsewhere.
    End Try

This code could be a lot more elegant. But this is a good start :)
I hope you learned a thing or two from my explanation. You can convert the code to C# yourself.
Good luck! :)
Try this:
http://www.developerfusion.com/tools/convert/vb-to-csharp/

    ds.Clear();
    da = new SqlDataAdapter("SELECT * FROM student_info WHERE no= " + TextBox12.Text + "", DBConn);
    try
    {
        da.Fill(ds, "student_info");
        Bind();
    }
    catch
    {
        return;
    }
[edit]pre tag for C# added - PES[/edit]
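
The literal conversion above still concatenates TextBox12.Text into the SQL string. As an added example (not code from either answer), here is a C# form of the validated, parameterized query the first answer describes. The names StudentSearch, BuildCommand and Search, the connection-string argument and the sample inputs are assumptions for illustration; it uses a typed Parameters.Add instead of AddWithValue.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class StudentSearch   // hypothetical helper class, not from the page
{
    // Builds the parameterized command, or returns null when the input is not an integer.
    public static SqlCommand BuildCommand(string rawInput, SqlConnection conn)
    {
        int number;
        if (!int.TryParse(rawInput, out number))
            return null;   // caller decides how to tell the user

        var cmd = new SqlCommand("SELECT * FROM student_info WHERE no = @Number", conn);
        // Typed parameter: the value is sent separately from the SQL text.
        cmd.Parameters.Add("@Number", SqlDbType.Int).Value = number;
        return cmd;
    }

    // Fills ds["student_info"]; returns false when the input was rejected.
    // Exceptions are not swallowed, so the UI layer can report them.
    public static bool Search(string rawInput, string connectionString, DataSet ds)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildCommand(rawInput, conn))
        {
            if (cmd == null) return false;
            using (var da = new SqlDataAdapter(cmd))
            {
                ds.Clear();
                da.Fill(ds, "student_info");   // Fill opens and closes a closed connection itself
                return true;
            }
        }
    }

    static void Main()
    {
        // Constructed sample inputs; building the command needs no database.
        foreach (var input in new[] { "42", "1; DROP TABLE student_info", "D'Artagnan", "" })
        {
            using (var cmd = BuildCommand(input, null))
                Console.WriteLine("{0,-30} -> {1}", "\"" + input + "\"",
                    cmd == null ? "rejected" : "query with @Number = " + cmd.Parameters["@Number"].Value);
        }
    }
}
```

In the form's event handler, call Search(TextBox12.Text, connectionString, ds), show a message when it returns false, and call Bind() when it returns true.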