如何从数据库中获取变量的价格? [英] How to get a price from database in a variable?
本文介绍了如何从数据库中获取变量的价格?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
有人知道吗?
这是我的编码.
在数据库价格的此代码中,存在哪个数据类型为varchar,在此项目符号列表中,我给出了价格,但它仅获取字符串,但我希望该值而不是字符串,应像500这样传递值.
Can anyone know this.
This is my coding.
In this code in a database price is there which datatype is varchar and in this bulletedlist i have given the price but it gets only the string but i want that instead of string the value should be passed like 500.
protected void BulletedList3_Click(object sender, BulletedListEventArgs e)
{
price = BulletedList3.Items[e.Index].Value;
if (con.State == ConnectionState.Closed)
{
con.Open();
}
switch (price)
{
case "Below Rs.500/-":
SqlCommand cmd = new SqlCommand("select pro_img,pro_name,price from product where price='" + price + "' and status='A' and type='retail'", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
DataList1.DataSource = ds;
DataList1.DataBind();
break;
推荐答案
您需要解析字符串以提取价格值并使用结果传递给SQL命令.
您还应该学习将参数用于SQL命令而不是字符串连接,因为这会使您的应用程序最多打开 SQL注入 [ ^ ]攻击.
You need to parse the string to extract the price value and use the result to pass to the SQL command.
You should also learn to use parameters for SQL commands rather than string concatenation, as this opens your app up to SQL injection[^] attacks.
这篇关于如何从数据库中获取变量的价格?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
