C# search box for a ListView is not working properly
Hello, I am trying to create a search box to search a ListView. I have managed to do this, and it works if I make it search by UserName only. As soon as I replace UserName with a parameter, the code no longer works. Here is my code:
string searchSelectBox = SearchSelectDropDown.SelectedItem.Text;
GetAllUsersFromDb.SelectCommand =
"SELECT aspnet_Users.UserName, aspnet_Roles.RoleName, "
+ "aspnet_Membership.Email, aspnet_Membership.LastLoginDate "
+ "FROM aspnet_Users "
+ "INNER JOIN aspnet_UsersInRoles "
+ "ON aspnet_Users.UserId = aspnet_UsersInRoles.UserId "
+ "INNER JOIN aspnet_Roles "
+ "ON aspnet_UsersInRoles.RoleId = aspnet_Roles.RoleId "
+ "INNER JOIN aspnet_Membership "
+ "ON aspnet_Users.UserId = aspnet_Membership.UserId "
+ "WHERE @SelectField LiKE @Param";
GetAllUsersFromDb.SelectParameters.Clear();
GetAllUsersFromDb.SelectParameters.Add("SelectField" , searchSelectBox);
GetAllUsersFromDb.SelectParameters.Add("Param" , SearchBox.Text);
GetAllUsersFromDb.DataBind();
textListView.DataBind();
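The values searchSelectBox can take are UserName, RoleName and Email.
If I replace @SelectField with UserName and type the correct user name, the search works, but it doesn't
What is the problem here?

Try this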
string searchSelectBox = SearchSelectDropDown.SelectedItem.Text;
GetAllUsersFromDb.SelectCommand =
// Verbatim string (@"...") lets the literal span several lines; {0} receives the column name.
string.Format(@"SELECT aspnet_Users.UserName, aspnet_Roles.RoleName,
aspnet_Membership.Email, aspnet_Membership.LastLoginDate
FROM aspnet_Users
INNER JOIN aspnet_UsersInRoles ON aspnet_Users.UserId = aspnet_UsersInRoles.UserId
INNER JOIN aspnet_Roles ON aspnet_UsersInRoles.RoleId = aspnet_Roles.RoleId
INNER JOIN aspnet_Membership ON aspnet_Users.UserId = aspnet_Membership.UserId
WHERE {0} LiKE @Param", searchSelectBox);
GetAllUsersFromDb.SelectParameters.Clear();
GetAllUsersFromDb.SelectParameters.Add("Param" , SearchBox.Text);
GetAllUsersFromDb.DataBind();
textListView.DataBind();
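When you put a breakpoint there, what is the value of SearchSelectDropDown.SelectedItem.Text? How are the ListItems in that control added: hard-coded? Added dynamically?

Shouldn't the where be like this:
where UserName like @Param
-or-
where UserName like @SelectField
You have to compare something in the database with the input, not compare two inputs with each other.

Oh, I see: 'UserName' LIKE @Param versus UserName LIKE @Param.

You can't use a parameter as a column name. Parameters are only for data values.

Looks useful, but I would suggest making sure searchSelectBox is in the expected list of 3 strings, to avoid SQL injection attacks...

Of course, you have to validate that searchSelectBox is an expected value.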
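
The allow-list check suggested in the last comments, as an added example that is not part of the original thread. It assumes the dropdown text is exactly UserName, RoleName or Email; the class name `UserSearch` and the method `BuildSelectCommand` are hypothetical.

```csharp
using System;
using System.Collections.Generic;

static class UserSearch
{
    // Allow-list: dropdown text (assumed) -> fixed, fully qualified column name.
    static readonly Dictionary<string, string> Columns =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "UserName", "aspnet_Users.UserName" },
            { "RoleName", "aspnet_Roles.RoleName" },
            { "Email",    "aspnet_Membership.Email" },
        };

    const string BaseQuery =
        "SELECT aspnet_Users.UserName, aspnet_Roles.RoleName, "
        + "aspnet_Membership.Email, aspnet_Membership.LastLoginDate "
        + "FROM aspnet_Users "
        + "INNER JOIN aspnet_UsersInRoles ON aspnet_Users.UserId = aspnet_UsersInRoles.UserId "
        + "INNER JOIN aspnet_Roles ON aspnet_UsersInRoles.RoleId = aspnet_Roles.RoleId "
        + "INNER JOIN aspnet_Membership ON aspnet_Users.UserId = aspnet_Membership.UserId ";

    // Builds the command text. The column comes from the allow-list, never from
    // the request; the search term stays in @Param and is bound by the caller.
    public static string BuildSelectCommand(string selectedField)
    {
        if (selectedField == null ||
            !Columns.TryGetValue(selectedField.Trim(), out string column))
            throw new ArgumentException("Unexpected search field.", nameof(selectedField));
        return BaseQuery + "WHERE " + column + " LIKE @Param";
    }

    static void Main()
    {
        // Constructed inputs: one legitimate selection, one tampered value.
        foreach (string field in new[] { "Email", "UserName OR 1=1" })
        {
            try
            {
                // In the page: GetAllUsersFromDb.SelectCommand = BuildSelectCommand(...);
                Console.WriteLine(BuildSelectCommand(field));
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine("Rejected '" + field + "': " + ex.Message);
            }
        }
    }
}
```

The search text is still added with `SelectParameters.Add("Param", SearchBox.Text)` as in the code above, so only the column name, taken from the fixed dictionary, is ever concatenated into the SQL.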