C# 如何从文本框执行SQL并在datagridview中显示?
下面是代码片段C# 如何从文本框执行SQL并在datagridview中显示?,c#,asp.net,oledb,C#,Asp.net,Oledb,下面是代码片段 string search = textBox1.Text; int s = Convert.ToInt32(search); string conn="Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\\Data.accdb"; string query="SELECT playerBatStyle FROM Player where playerID='" + s + "; OleDbDataAdapter dAdapter=n
string search = textBox1.Text;
int s = Convert.ToInt32(search);
string conn="Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\\Data.accdb";
string query="SELECT playerBatStyle FROM Player where playerID='" + s + ";
OleDbDataAdapter dAdapter=new OleDbDataAdapter (query ,conn );
OleDbCommandBuilder cBuilder=new OleDbCommandBuilder (dAdapter );
DataTable dTable=new DataTable ();
dAdapter .Fill (dTable );
dataGridView1.DataSource = dTable;
你发布的代码看起来不错。但也有一些修正:
...
//fix lots of missing quotation marks
string query="SELECT playerBatStyle FROM Player where playerID='" + s + "' ";
...
dataGridView1.DataBind(); //yes, we should call DataBind
PlayerID
在我看来是int
类型,这意味着您不需要在它周围加单引号
string query = "SELECT playerBatStyle FROM Player where playerID=" + s + ";
最后,您必须执行dataGridView1.DataBind()代码>如果要在DataGridView中显示结果
另一方面,通常建议用户不要在查询中包含值,这是不安全的您的where子句中有一个未关闭的单引号。请尝试以下方法:
string query = String.Format("SELECT playerBatStyle FROM Player where playerID={0}", s);
正如其他人提到的,s是int类型的,因此查询中不需要引号,您确实需要数据绑定行
此外,如果还没有,则在尝试将其转换为整数之前,需要检查文本框中是否存在值。您不需要OleDbCommandBuilder,因为DataAdapter在内部将命令作为SelectCommand属性处理。一定要考虑使用参数化查询,这将减少SQL注入漏洞。
以下是我的建议:
if (textBox1.Text != "")
{
string search = textBox1.Text;
int s = Convert.ToInt32(search);
string conn = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\Local Docs\\Temp\\Data.accdb";
string query = "SELECT playerBatStyle FROM Player where playerID=@playerID";
OleDbDataAdapter dAdapter = new OleDbDataAdapter(query, conn);
dAdapter.SelectCommand.Parameters.AddWithValue("@playerID", s);
DataTable dTable = new DataTable();
dAdapter.Fill(dTable);
dataGridView1.DataSource = dTable;
dataGridView1.DataBind();
}
看看能不能帮你
注意。使用此查询检索与用户搜索相关的数据
“从玩家喜欢%'”+s+“'的玩家中选择玩家的游戏风格”代码>您能告诉我们您是否收到了特定的问题或错误消息吗?什么不起作用?