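I have a problem that has me stuck and I can't find any solution; I really need your help. I need to do some kind of search on the employee table, for example searching for all female employees, or female employees who have a PhD, and so on. I created a function for this that queries the employee table using if conditions, and the results of the search appear in a GridView with AllowPaging set to true. The problem is that whenever I click Next to go to another page in the GridView, it does a full postback and binds to the GridView data source again. When I give the GridView data source the function below (DetailedSearch), on entering the function it starts reading from the first if condition instead of going into that particular if condition, and then it throws the exception "Object reference not set to an instance of an object".

Here is my code (it is only part of it, not the complete code):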

    public DataTable DetailedSearch()
    {
        con.Open();
        SqlDataAdapter da=new SqlDataAdapter();


         if (FirstName != string.Empty)
         {
             if (FirstName != string.Empty && LastName != "--Letters--")
             {
                 da = new SqlDataAdapter("select * from employee where firstname ='" + FirstName.ToString() + "'"+"and lastname like '"+LastName.ToString()+"%'", con);
             }
             else if(FirstName!=string.Empty && Gender!="{Please Select}")
             {
                 da = new SqlDataAdapter("select * from employee where firstname ='" + FirstName.ToString() + "'" + "and gender='" + Gender.ToString() + "'", con);

             }
             else if(FirstName!=string.Empty && MaritalStatus!="{Please Select}")
             {
                 da = new SqlDataAdapter("select * from employee where firstname ='" + FirstName.ToString() + "'" + "and maritalstatus='" + MaritalStatus.ToString() + "'", con);
             }
             else if(FirstName!=string.Empty && Qualification!="{Please Select}")
             {
                 da = new SqlDataAdapter("select * from employee where firstname ='" + FirstName.ToString() + "'" + "and qualification='" + Qualification.ToString() + "'", con);
             }
             else if(FirstName!=string.Empty && GraduationDate!=DateTime.MinValue)
             {
                 da = new SqlDataAdapter("select * from employee where firstname ='" + FirstName.ToString() + "'" + "and graduationdate='" + GraduationDate.ToString() + "'", con);
             }
             else if(FirstName!=string.Empty && Province!="{Please Select}")
             {
                 da = new SqlDataAdapter("select * from employee where firstname ='" + FirstName.ToString() + "'" + "and province='" + Province.ToString() + "'", con);
             }
             else if(FirstName!=string.Empty && LastEmployer!=string.Empty)
             {
                 da = new SqlDataAdapter("select * from employee where firstname ='" + FirstName.ToString() + "'" + "and lastemployer='" + LastEmployer.ToString() + "'", con);
             }
            else if(FirstName!=string.Empty && EnteredBy!="{Please Select}")
             {
                 da = new SqlDataAdapter("select * from employee where firstname ='" + FirstName.ToString() + "'" + "and enteredby='" + EnteredBy.ToString() + "'", con);
             }
             else if (FirstName != string.Empty && DateEntered != DateTime.MinValue)
             {
                 da = new SqlDataAdapter("select * from employee where firstname ='" + FirstName.ToString() + "'" + "and dateentered='" + DateEntered.ToString() + "'", con);
             }
             else
             {
                 da = new SqlDataAdapter("select * from employee where firstname ='" + FirstName.ToString() + "'", con);
             }
         }
         else if (LastName != "--Letters--")
         {
                if (LastName != "--Letters--" && Province != "{Please Select}")
                 {
                     da = new SqlDataAdapter("select * from employee where lastname like'" + LastName.ToString() + "%'" + "and province='" + Province.ToString() + "'", con);
                 }
                else if (Gender != "{Please Select}" && LastName != "--Letters--")
                {
                    da = new SqlDataAdapter("select * from employee where gender='" + Gender.ToString() + "'" + "and lastname like '" + LastName.ToString() + "%'", con);
                }
                // ... (remaining branches omitted in the original post)
         }
        DataTable dt = new DataTable();
        da.Fill(dt);
        con.Close();
        return dt;

    }

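Please help me figure out what to do, because I'm completely blank and no logic comes to mind. I have to put in the if clauses because the query may not be the same depending on the search, but how do I make the GridView paging aware of this :(

Thanks in advance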

1 Answer

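Indeed, there is a lot that can be improved in that code...

  1. You keep testing `FirstName != string.Empty`, but you have already tested it in the first if.
  2. You should change it to a single `if(!String.IsNullOrEmpty(FirstName))`
  3. You should use SQL parameters instead of string concatenation, as that avoids potential SQL injection
  4. You should not pass the default UI value of a field, such as "Please Select". If the default is selected, pass null or an empty value

Although this does not specifically answer your question, it is good guidance - in fact, if you try applying these changes, it may even solve the problem you are having along the way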

Answered 2012-08-11T03:49:56.300
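
Points 3 and 4 of the answer, sketched as an added example (not code from the question or from the answer): the WHERE clause is assembled from fixed column literals while every user-supplied value is bound as a parameter. Assumptions: the filters are passed in as arguments with null or empty meaning "not selected", the text columns hold at most 100 characters, and combining every supplied filter with AND is the intended behaviour (the question's code picks one pair of filters instead).

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class EmployeeSearch
{
    // Hypothetical signature: null or empty means the filter was not selected.
    public static DataTable DetailedSearch(string connectionString,
        string firstName, string lastNamePrefix, string gender, string province)
    {
        var clauses = new List<string>();
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand { Connection = con })
        {
            // Column names are fixed literals; only values come from the user,
            // and they travel as parameters, never as query text.
            AddFilter(cmd, clauses, "firstname = @firstName", "@firstName", firstName);
            AddFilter(cmd, clauses, "gender = @gender", "@gender", gender);
            AddFilter(cmd, clauses, "province = @province", "@province", province);
            if (!string.IsNullOrEmpty(lastNamePrefix))
            {
                // Escape LIKE wildcards so the prefix is matched literally.
                string escaped = lastNamePrefix.Replace("[", "[[]")
                                               .Replace("%", "[%]")
                                               .Replace("_", "[_]");
                AddFilter(cmd, clauses, "lastname LIKE @lastName", "@lastName", escaped + "%");
            }

            cmd.CommandText = "SELECT * FROM employee" +
                (clauses.Count > 0 ? " WHERE " + string.Join(" AND ", clauses) : "");

            var dt = new DataTable();
            using (var da = new SqlDataAdapter(cmd))
            {
                da.Fill(dt); // Fill opens and closes the connection itself
            }
            return dt;
        }
    }

    private static void AddFilter(SqlCommand cmd, List<string> clauses,
        string clause, string name, string value)
    {
        if (string.IsNullOrEmpty(value)) return; // unselected filter: skip it
        clauses.Add(clause);
        // Size 100 is an assumed column width, not taken from the question.
        cmd.Parameters.Add(name, SqlDbType.NVarChar, 100).Value = value;
    }
}
```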