Display additional information from the listbox in the textbox


Problem description

Can I click on one of the items in the box list, such as the ID or name, and show the mobile number in the database in the text box?

What I have tried:

private void listBox1_Click(object sender, EventArgs e)
    {
    int id = Convert.ToInt32(listBox1.Text);
    string query = "select * from rgstude where name = '" + listBox1.Text + "' ";
    SqlCommand cmd = new SqlCommand(query, con);
    txtname.Text = Name;
    }

Recommended answer

Don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'

The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:

SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'

Which SQL sees as three separate commands:

SELECT * FROM MyTable WHERE StreetAddress = 'x';

A perfectly valid SELECT

DROP TABLE MyTable;

A perfectly valid "delete the table" command

--'

And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

And ... in order to read information from the DB, you will need two things:
1) An Open connection to the DB. Don't share connections, create them and open them when you need them. They are scarce resources and it can cause problems later if you try to recycle them. Ideally, a using block around the connection and command is recommended.
2) Creating an SqlCommand does not mean that SQL will execute it! You need to call ExecuteReader, ExecuteScalar, ExecuteReader, or one of the DataAdapter methods to actually interface with the DB system.

using (SqlConnection con = new SqlConnection(strConnect))
    {
    con.Open();
    using (SqlCommand cmd = new SqlCommand("SELECT Id, description FROM myTable where MyName=@Name", con))
        {
        cmd.Parameters.AddWithValue("@Name",tbUserName.Text);
        using (SqlDataReader reader = cmd.ExecuteReader())
            {
            while (reader.Read())
                {
                int id = (int) reader["Id"];
                string desc = (string) reader["description"];
                Console.WriteLine("ID: {0}\n    {1}", id, desc);
                }
            }
        }
    }
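
The two inputs from the answer above, run against the concatenated query and the parameterized one, as an added example that is not part of the original answer. It uses Python's built-in sqlite3 with an in-memory table so it runs without a database server; the helper names are hypothetical, and executescript() is assumed here as a stand-in for a server that runs every statement in the command text.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table named as in the answer."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE MyTable (Id INTEGER PRIMARY KEY, StreetAddress TEXT)")
    con.executemany("INSERT INTO MyTable (StreetAddress) VALUES (?)",
                    [("Baker's Wood",), ("x",)])
    con.commit()
    return con

def table_exists(con):
    row = con.execute("SELECT count(*) FROM sqlite_master "
                      "WHERE type = 'table' AND name = 'MyTable'").fetchone()
    return row[0] == 1

def run_concatenated(address):
    """Vulnerable pattern: user text is pasted into the command text."""
    con = make_db()
    sql = "SELECT * FROM MyTable WHERE StreetAddress = '" + address + "'"
    error = None
    try:
        # Assumption: executescript() runs every statement in the text,
        # standing in for a server that accepts a multi-statement batch.
        con.executescript(sql)
    except sqlite3.Error as exc:
        error = str(exc)
    # Return the exact text the engine received, any error, and table state.
    return sql, error, table_exists(con)

def run_parameterized(address):
    """Hardened pattern: the text travels as a bound value, never as SQL."""
    con = make_db()
    rows = con.execute(
        "SELECT Id, StreetAddress FROM MyTable WHERE StreetAddress = ?",
        (address,)).fetchall()
    return rows, table_exists(con)

if __name__ == "__main__":
    # Both inputs are the ones quoted in the answer.
    for text in ["Baker's Wood", "x';DROP TABLE MyTable;--"]:
        print("input:", text)
        print("  concatenated :", run_concatenated(text))
        print("  parameterized:", run_parameterized(text))
```

With concatenation the first input fails with a syntax error and the second removes the table; with a bound parameter the first input matches its row and the second simply matches nothing.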


I want to display an ID in the text box by clicking on it


That's what you said right
But I kicked the keyrie database
I showed the name in the list box
Now, by clicking on the name, I want to display the other information in the text box 

