Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/318.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# 我需要从数据库sql中获取多个值_C#_Asp.net_Sql_Database_Select - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# 我需要从数据库sql中获取多个值

C# 我需要从数据库sql中获取多个值

c# asp.net sql database select

C# 我需要从数据库sql中获取多个值,c#,asp.net,sql,database,select,C#,Asp.net,Sql,Database,Select,我需要从数据库中获取6个值,并将它们绑定到链接按钮文本中。她就是代码 public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { //string post = Request.QueryString["post"]; ////string title = "nokia"; s

我需要从数据库中获取6个值,并将它们绑定到链接按钮文本中。她就是代码

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        //string post = Request.QueryString["post"];
        ////string title = "nokia";

        string date = DateTime.Now.ToShortDateString();
        SqlConnection conn = new SqlConnection(); 

        conn.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\nokiaoaq\Desktop\WebSite1\App_Data\Database.mdf;Integrated Security=True;User Instance=True";
        try
        {
            conn.Open();
            //string str = "insert into Table1 (title , date_ ,www, cat) values  (' " + TextBox1.Text + "','" + DateTime.Now.ToShortDateString() + "','" + TextBox2.Text + "','" + DropDownList1.SelectedItem.Text + "')";
            ////string str = "INSERT INTO Table1  (title,date_,www ) values ('ddddddd','aaaaaaa','qqqqqq')";


            string str =
                //"SELECT   from table1  WHERE  cat = 1 and datee='" + date + "'ORDER BY datee";
            "SELECT table1.title  FROM table1 WHERE cat = 1 and datee='" + date + "'ORDER BY datee DESC";

            SqlCommand objcmd = new SqlCommand(str, conn);
            SqlDataAdapter da1 = new SqlDataAdapter(objcmd);
            DataTable dt = new DataTable();
            da1.Fill(dt);

            //DataRow dr = new DataRow();
            //DataRow dr = ds.Tables[0].Rows[0];

            foreach (DataRow dr in dt.Rows)
            {
                ml1.Text = dr[0].ToString();
                ml2.Text = dr[1].ToString();
                ml3.Text = dr[2].ToString();
                ml4.Text = dr[3].ToString();
                ml5.Text = dr[4].ToString();
                ml6.Text = dr[5].ToString();
            }
        }
        catch (Exception ex)
        {
            Label4.Text = "Failed to connect to data source";
        }
        finally
        {
            conn.Close();
        }
    }
}
ml是链接按钮id

您试图从返回到6个不同文本框的行中分配6个字段,但select查询只要求一个字段。如果希望返回多个字段,请将其名称添加到select查询(将fieldX更改为相应的字段名称)

也不要使用字符串连接来构建sql语句。始终使用参数化查询

SqlCommand objcmd = new SqlCommand(str, conn);
objcmd.Parameters.AddWithValue("@dt", datee);
.....
这将避免格式化字符串、日期、数字等方面的问题,还可以避免sql注入问题

顺便说一句,我希望您的代码只返回一行,因为现在,如果您返回了多行,那么文本框中将只显示日期最早的一行。(如果是这样的话,那么命令是无用的)。如果返回的行不止一行,则应该考虑将DATATET绑定到GRIDVIEW,以显示返回的所有记录。代码不起作用吗?会发生什么?是否存在任何错误?警告您的代码升级了一个可能会引入sql注入攻击的错误模式。可能只有一条记录的Cat为1,并且给定的日期使用foreach循环和整数解决了此问题。但是,对于升级由where子句控制的参数化查询,感谢+1。但他从行中读取了6个字段,只要求一个字段 
SqlCommand objcmd = new SqlCommand(str, conn);
objcmd.Parameters.AddWithValue("@dt", datee);
.....