3

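I have seen many questions about using parameters in SQL queries with "like", but I have tried every way of coding it that I have seen and still cannot get my query to return results. If I put a value in the query itself, it runs fine. When I run the first query listed, I get the error "Must declare the scalar variable "@Search"", but I thought I did that with the cmd.Parameters.AddWithValue statement. Can anyone see what I might be doing wrong? Any help is appreciated.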

        //Declare the connection object
        SqlConnection Conn = new SqlConnection();
        Conn.ConnectionString = ConfigurationManager.ConnectionStrings["MyDatabase"].ConnectionString;

        //Connect to the db
        Conn.Open();

        //Define query

        //This query doesn't work
        string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%' + @Search + '%')";

        //This query doesn't work either
        string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE @Search";

        //This query works
        string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE 'MI'";

        //Declare the Command
        SqlCommand cmd = new SqlCommand(sql, Conn);

        //Add the parameters needed for the SQL query
        cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");           

        //Declare a SQL Adapter
        SqlDataAdapter da = new SqlDataAdapter(sql, Conn);

        //Declare a DataTable
        DataTable dt = new DataTable();

        //Populate the DataTable
        da.Fill(dt);

        //Bind the Listview
        lv.DataSource = dt;
        lv.DataBind();

        dt.Dispose();
        da.Dispose();
        Conn.Close();
4

5 Answers

7

In your code above, you are not using the parameters in the SqlDataAdapter; in the code below, you will use the command in the SqlDataAdapter.

    //This query doesn't work
    string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE @Search)";

    //Declare the Command
    SqlCommand cmd = new SqlCommand(sql, Conn);

    //Add the parameters needed for the SQL query
    cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%"); 

    //Declare a SQL Adapter
    SqlDataAdapter da = new SqlDataAdapter();

    da.SelectCommand = cmd;

If you don't want to use a parameterized query, this will work:

    //Declare the connection object
    //This query doesn't work
    string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%" + txtSearch.Text + "%')";

    //Declare a SQL Adapter
    SqlDataAdapter da = new SqlDataAdapter(sql, Conn);
answered 2012-12-01T20:22:40.673
5

Your main problem is that you are not using the command you built, because of this constructor:

    SqlDataAdapter da = new SqlDataAdapter(sql, Conn);

As a result, you are not using the parameter either, and the only query that works is the one that uses no parameters (the third one). You should use this constructor instead (the one that takes the SqlCommand you created):

    SqlDataAdapter da = new SqlDataAdapter(cmd);

After changing the constructor being used, either of the following queries will work:

    string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE @Search";
    ...
    cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");

Or this one:

    string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE '%' + @Search + '%'";
    ...
    cmd.Parameters.AddWithValue("@Search", txtSearch.Text);
answered 2012-12-01T20:58:42.367
2

    string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%' + @Search + '%')";

    cmd.Parameters.AddWithValue("@Search", txtSearch.Text);

This should work.

answered 2012-12-01T20:33:37.083
1

In addition to the accepted answer, don't forget to replace your _, % with square brackets. Otherwise it will still give wrong results.

    txtSearch.Text.Replace("_","[_]").Replace("%","[%]")
answered 2017-07-27T08:02:12.977
0

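You can use a SqlDataReader instead of a SqlDataAdapter:

    SqlDataReader myReader = cmd.ExecuteReader();

    DataTable dt = new DataTable();
    dt.Load(myReader);

You will notice in your code that the parameter is attached to cmd, but that parameter is never actually used, so the SqlDataAdapter does not know about the parameter.

answered 2012-12-01T20:42:08.670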