C# where condition not working (C#, SQL, SQL Server) - Fatal编程技术网

I get no error, but the listbox shows unfiltered values. I want to get the values between time start and end.

    String start_cd;          // name of the start column (the snippet does not show where it is set)
    String end_cd;            // name of the end column
    int time_start_int;       // lower bound of the time window
    int time_end_int;         // upper bound of the time window
    opencon();

    // Table name, column names and the integer bounds are all concatenated into the
    // statement text, and there are no parentheses around the "or".
    SqlCommand res = new SqlCommand("SELECT ID,Available,Type," + start_cd + "," + end_cd +
        " FROM " + going +
        " WHERE " + start_cd + "!=0 or " + end_cd + "!=0 and " +
        start_cd + " >= " + time_start_int + " and " + start_cd + " <= " + time_end_int + "", con);
    SqlDataAdapter sda_res = new SqlDataAdapter(res);
    DataTable dt_res = new DataTable();
    sda_res.Fill(dt_res);

    listBox1.DataSource = dt_res;
    listBox1.DisplayMember = "ID";

    listBox2.DataSource = dt_res;
    listBox2.DisplayMember = start_cd;
You missed the 'single quotes' around the string variables.

You need to compare time_start_int and time_end_int against start_cd in separate expressions, like this:

    SqlCommand res = new SqlCommand("SELECT ID,Available,Type,'" + start_cd + "','" +
        end_cd + "' FROM going" +
        " WHERE '" + start_cd + "'!=0 or '" + end_cd + "'!=0 and " +
        time_start_int + " <= '" + start_cd + "' and '" + start_cd + "' <= " + time_end_int, con);

Remember that building SQL statements by string concatenation makes your code vulnerable to SQL injection. You can refer to this for some tips on how to avoid SQL injection attacks.

First, I used parentheses around the or, because and is evaluated first, which could end up removing all the filters. In the second part I wrote time_start_int +

People already told you in your previous question that concatenating strings to build a query is an old-fashioned and risky practice. Even if you insist on writing code with SQL injection problems, please take a moment to edit your example so that it does not need scrolling; scrolling the example back and forth to try to guess the error is unnecessarily hard.

+0: while this may be correct, it does not explain what was wrong and, more importantly, why.

I get incorrect syntax near 'FOT'. FOT = start_cd

I hope these changes give you some clue about what I did.

    SqlCommand res = new SqlCommand("SELECT ID,Available,Type," + start_cd + "," +
        end_cd + " FROM " + going +
        " WHERE " + start_cd + "!=0 or " + end_cd + "!=0 and " +
        time_start_int + " <= " + start_cd + " and " +
        start_cd + " <= " + time_end_int + "",
        con);

    SqlCommand res = new SqlCommand("SELECT ID,Available,Type," + start_cd + "," +
        end_cd + " FROM " + going +
        " WHERE (" + start_cd + "!=0 or " + end_cd + "!=0) and " +
        time_start_int + " <= " + start_cd + " and " + start_cd + " <= " + time_end_int + "", con);
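As an added example (not code from the question or from either answer), here is the same query built the way the second answer and the injection warning point towards: the or-condition is parenthesized so the time range applies to every row, the integer bounds travel as SqlParameters, and the table and column names, which cannot be parameterized, are checked against a whitelist before they are bracket-quoted into the statement. The table names Going and Returning, the day columns MON to SUN, and the method names BuildSql/LoadAvailable are assumptions made for illustration; the connection is assumed to be opened by the caller, as opencon() does in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;   // Microsoft.Data.SqlClient exposes the same types

public static class AvailabilityQuery
{
    // Hypothetical whitelists. Identifiers (table and column names) cannot be sent as
    // SqlParameter values, so the only safe way to make them dynamic is to accept
    // nothing that is not on a fixed list controlled by the application.
    private static readonly HashSet<string> AllowedTables =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Going", "Returning" };
    private static readonly HashSet<string> AllowedColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN" };

    // Builds the statement text. Only whitelisted identifiers are spliced in; the
    // integer bounds become @timeStart / @timeEnd placeholders. Kept separate from
    // execution so the generated SQL can be inspected without a database.
    public static string BuildSql(string table, string startCd, string endCd)
    {
        string t = Identifier(table, AllowedTables);
        string s = Identifier(startCd, AllowedColumns);
        string e = Identifier(endCd, AllowedColumns);

        // Parentheses matter: in T-SQL AND binds tighter than OR, so
        //   s <> 0 OR e <> 0 AND range   is read as   s <> 0 OR (e <> 0 AND range)
        // and every row with s <> 0 comes back regardless of the time window,
        // which is exactly the "unfiltered values" symptom from the question.
        return "SELECT ID, Available, Type, " + s + ", " + e +
               " FROM " + t +
               " WHERE (" + s + " <> 0 OR " + e + " <> 0)" +
               " AND " + s + " >= @timeStart" +
               " AND " + s + " <= @timeEnd";
    }

    // Runs the query on an already-open connection and returns the rows for data binding.
    public static DataTable LoadAvailable(SqlConnection con, string table,
        string startCd, string endCd, int timeStartInt, int timeEndInt)
    {
        using (var cmd = new SqlCommand(BuildSql(table, startCd, endCd), con))
        {
            // Values are typed parameters: never part of the statement text.
            cmd.Parameters.Add("@timeStart", SqlDbType.Int).Value = timeStartInt;
            cmd.Parameters.Add("@timeEnd", SqlDbType.Int).Value = timeEndInt;
            using (var sda = new SqlDataAdapter(cmd))
            {
                var dt = new DataTable();
                sda.Fill(dt);
                return dt;
            }
        }
    }

    // Rejects any name not on the whitelist, then bracket-quotes it. Doubling ']' is
    // T-SQL's escape rule for bracketed identifiers; with a whitelist it is redundant,
    // but it keeps this helper safe even if the list is later loosened.
    private static string Identifier(string name, HashSet<string> allowed)
    {
        if (name == null || !allowed.Contains(name))
            throw new ArgumentException("Identifier not permitted: " + name);
        return "[" + name.Replace("]", "]]") + "]";
    }

    public static void Main()
    {
        Console.WriteLine(BuildSql("Going", "MON", "TUE"));
        try
        {
            // Constructed attacker input, as it might arrive through an unchecked combo box.
            BuildSql("Going", "MON; DROP TABLE Going; --", "TUE");
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("Rejected: " + ex.Message);
        }
    }
}
```

The first Main() call prints a statement with [MON] and [TUE] in it and two parameter placeholders; the second never reaches SQL Server because the column name fails the whitelist. The resulting DataTable can be bound to the listboxes exactly as in the question.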