C# 如何在txt输出期间仅选择现金并删除支票选项
我能得到一些帮助吗。我有一个如下所示的查询。现在它显示支票和现金。但我希望它只显示现金查询。是的,我相信我可以编辑它现在它容易受到SQL注入的攻击C# 如何在txt输出期间仅选择现金并删除支票选项,c#,sql,sql-server,visual-studio-2010,sql-server-2008,C#,Sql,Sql Server,Visual Studio 2010,Sql Server 2008,我能得到一些帮助吗。我有一个如下所示的查询。现在它显示支票和现金。但我希望它只显示现金查询。是的,我相信我可以编辑它现在它容易受到SQL注入的攻击 using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
namespace MyTestData
{
public partial class frmCollection : Form
{
public frmCollection()
{
InitializeComponent();
}
private void dtpFrom_ValueChanged(object sender, EventArgs e)
{
}
private void btnExtract_Click(object sender, EventArgs e)
{
SqlConnection objConn = new SqlConnection("MYCONNECTION STRING ETCETC");
SqlCommand objCmd = new SqlCommand("SELECT CONVERT(char(10),PaidDate,3)
AS PaidDate,InvoiceNo,PayerCode,CollectedFee,
( CASE ReceiptTypeID WHEN 'Cash' THEN 'CASH' WHEN 'Check' THEN 'CHEQUE' END )
AS ReceiptTypeID FROM InvoicePayment
WHERE (PaidDate >= CONVERT(datetime, '" + dtpFrom.Text + "', 105)) AND (PaidDate <= CONVERT(datetime, '" + dtpTo.Text + "', 105))", objConn);
SqlDataReader objReader;
objReader = objCmd.ExecuteReader();
System.IO.FileStream fs = new System.IO.FileStream("C:\\CMSExportedData\\Collection-" + DateTime.Now.ToString("dd-MM-yyyy") + ".txt", System.IO.FileMode.Create);
System.IO.StreamWriter sw = new System.IO.StreamWriter(fs, System.Text.Encoding.Default);
int count = 0;
while (objReader.Read())
{
for (int i = 0; i < 5; i++)
{
if (!objReader.IsDBNull(i))
{
string s;
s = objReader.GetDataTypeName(i);
//MessageBox.Show(s);
if (objReader.GetDataTypeName(i) == "char")
{
sw.Write(objReader.GetString(i));
}
else if (objReader.GetDataTypeName(i) == "money")
{
sw.Write(objReader.GetSqlMoney(i).ToString());
}
else if (objReader.GetDataTypeName(i) == "nvarchar")
{
sw.Write(objReader.GetString(i));
}
else if (objReader.GetDataTypeName(i) == "varchar")
{
sw.Write(objReader.GetString(i));
}
}
if (i < 4)
{
sw.Write("\t");
}
}
count = count + 1;
sw.WriteLine();
}
sw.Flush();
fs.Close();
objReader.Close();
objConn.Close();
MessageBox.Show(count + " records exported successfully.");
this.Close();
}
private void frmCollection_Load(object sender, EventArgs e)
{
}
private void dtpFrom_ValueChanged_1(object sender, EventArgs e)
{
}
}
}
编辑:以下是表格结构:
以下是一些示例数据:
SqlCommand objCmd = new SqlCommand("SELECT CONVERT(char(10),PaidDate,3) AS PaidDate,InvoiceNo,PayerCode,CollectedFee FROM InvoicePayment WHERE (PaidDate >= CONVERT(datetime, '" + dtpFrom.Text + "', 105)) AND (PaidDate <= CONVERT(datetime, '" + dtpTo.Text + "', 105)) AND ReceiptTypeID = 'Cash'", objConn);
请注意,我是如何删除case以显示其类型的,并在WHERE语句中添加了一个子句
还要尽量避免查询中的字符串连接,这会使您容易受到SQL注入的影响。尝试使用以下参数:
SqlCommand objCmd = new SqlCommand("SELECT CONVERT(char(10),PaidDate,3) AS PaidDate,InvoiceNo,PayerCode,CollectedFee FROM InvoicePayment WHERE (PaidDate >= CONVERT(datetime, @PAIDDATEFROM, 105)) AND (PaidDate <= CONVERT(datetime, @PAIDDATETO, 105)) AND ReceiptTypeID = 'Cash'", objConn);
SqlCommand.Parameters.Add("@PAIDDATEFROM", SqlDbType.DateTime).Value = dtpFrom.Text;
SqlCommand.Parameters.Add("@PAIDDATETO", SqlDbType.DateTime).Value = dtpTo.Text;
我只想看到现金
然后从大小写表达式中删除“Check”和“Check”,如下所示:
SELECT
CONVERT(char(10),PaidDate,3) AS PaidDate,InvoiceNo,
PayerCode, CollectedFee,
(CASE ReceiptTypeID
WHEN 'Cash' THEN 'CASH'
END ) AS ReceiptTypeID
...
更新:
你的代码容易受到SQL注入攻击。是的,先生,我明白。这只是一个测试SQL。您好,先生,我尝试过您的方法,但它显示了一个空的地方,以前他们是支票。您好,我已经编辑它的样本数据。回答你的问题。我根本不想让它显示支票。即使有支票,我也不希望它出现在txt中。只是现金。@Newbie抱歉,我需要查看一些表格中的示例数据,而不是您正在使用的代码,请向我展示表格中的一些行以及查询后的外观。对不起,我不知道我如何在这里添加图片显示给你。我已经链接了一个外部链接供您参考sirHi,我已经添加了示例数据。谢谢你,先生,这很有帮助。
SELECT
CONVERT(char(10), PaidDate,3) AS PaidDate,
InvoiceNo, CollectedFee, upper(ReceiptTypeID) AS ReceiptTypeID
FROM @Invoices
WHERE (PaidDate >= CONVERT(datetime, '20010101', 105))
AND (PaidDate <= CONVERT(datetime, '20120101', 105))
AND ReceiptTypeID IS NOT NULL
AND lower(ReceiptTypeID) <> 'cheque'