根据一系列值(例如2000-3000)选择SQL数据 [英] Selecting SQL data based on a range of values ( such as 2000-3000 )

问题描述

sqlCmd = New SqlCommand(从表中选择*，其中(client_location ="& dd_State.SelectedItem.Text&"和client_pr_typ ="& amp; dd_Type.SelectedItem.文本&''和ClientPrice =''"& amp; dd_Type.SelectedItem.Text& amp;'')，con)


此代码不适用于ClientPrice
所以客户价格应该是ans，以便它能像这些类型值一样识别2000-30000
40000-500000
500000-600000
etc

sqlCmd = New SqlCommand("select * from table where (client_location=''" & dd_State.SelectedItem.Text & "'' and client_pr_typ=''" & dd_Type.SelectedItem.Text & "'' and ClientPrice=''" & dd_Type.SelectedItem.Text & "'') ,con)


this code dosen''t work for ClientPrice
so what should be ans for Client price so that it recognise like these type value 2000-30000
40000-500000
500000-600000
etc

推荐答案

好吧，您的代码被破坏的方式不止一种.

1-您正在表示层中调用SQL.玩的时候还可以，但是如果您能赚钱写代码，那将是不可接受的

2-您正在根据用户输入的文本构建SQL.这已经很糟糕了，即使您只是在玩耍和学习，也不要这样做.如果有人为我编写了此代码，他们将被立即解雇.您应该对SQL注入进行一些研究.我可以看到您正在使用下拉列表项，但这些项很容易被黑客入侵.另外，您应该编写高效的SQL，该SQL根据项目ID(而非字符串)查找内容.

至于你的问题.您也许应该购买一本有关SQL的书并阅读它，因为很显然您对此一无所知.首先，与在ASP.NET中执行此操作无关.其次，如果您的价格是一个数字，那么在您的数据库中，这意味着两件事:

a-您需要编写将文本转换成数字的代码，如果不是数字，则可以计算出来. int.TryParse将执行此操作.

b-您不必在SQL中将值放在引号中.然后，您可以使用BETWEEN运算符，或仅使用> =和< =来执行所需的操作.

我的主要建议是，如果您需要为此代码付款，则不必付款，无论哪种方式，您都应该购买一些书籍.

Well, your code is broken in more ways than one.

1 - you are calling SQL in your presentation layer. That''s fine while you are playing, but if you ever get paid to write code, it will be unacceptable

2 - you''re building SQL out of text the user has input. That''s bad enough that even while you''re just playing and learning, you should not do it. If anyone ever wrote this code working for me, they would be fired, right away. You should do some research on SQL injection. I can see that you''re using drop down list items, but these can be hacked easily. Also, you should write efficient SQL, which looks things up based on item ids, and not strings.

As to your question. You should perhaps buy a book on SQL and read it, because it''s clear you do not know anything about it. For a start, it is irrelevant that you''re doing this in ASP.NET. Second, if your price is a number, in your database, it means two things:

a - you need to write code that converts the text into a number, and works out if it''s not a number. int.TryParse will do this.

b - you need to not put the values in quotes in your SQL. Then you can use the BETWEEN operator or just >= and <= to do what you want.

My main advice is, if you''re being paid for this code, you need not to be, and either way, you should buy some books.

写道:​​

500000-600000

500000-600000

在-"上分割文本，然后重写查询以在这两个值之间进行选择(例如，myField> 50000和myField< 60000).

Split your text on the "-" and rewrite your query to select between these two values ( e.g. myField > 50000 and myField < 60000).

这篇关于根据一系列值(例如2000-3000)选择SQL数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！