0 
SqlDataAdapter da = 
    new SqlDataAdapter("SELECT * 
        FROM Patient 
        Where Registration_Id = '" + textBox1.Text + "'  
           OR Patient_Name = '" + textBox1.Text + "'", cn);

如何在所有字段中搜索 int 或 string?

编辑代码:

if (comboBox1.Text == "Registration_Id") 
{ 
    da = new SqlDataAdapter("SELECT * 
                            FROM Patient 
                            Where Registration_Id = '" + textBox1.Text + "'", cn); 
} 
else if (comboBox1.Text == "Patient_Name") 
{ 
    da = new SqlDataAdapter("SELECT * 
                            FROM Patient 
                            Where Patient_Name = '" + textBox1.Text + "'", cn); 
}
4

1 回答 1

0

对于一种方法,该方法可能会受到 SQL 注入攻击,因此您需要对其进行清理。否则,一种解决方案(在检查攻击之后)是:

SELECT * 
FROM Patient 
Where column1 like "'%" + textBox1.Text + "%'" 
   or column2 like "'%" + textBox1.Text + "%'"
   ......
   or columnn like "'%" + textBox1.Text + "%'"

如果他们不知道项目的 id 则不要检查该列,这可以使这变得更简单。否则有一个下拉列表来选择他们正在搜索的列。

于 2012-04-04T20:13:34.303 回答