这让我发疯!认为我已经尝试了一切,只是无法弄清楚发生了什么。更糟糕的是,我无法访问 SQL 服务器上的 SQL Profiler。
发送到该方法的测试值是“Barrihead Townswomen's Guild Collection”
如您所见,我正在使用替换将单个撇号更改为双撇号。我在想这以某种方式弄乱了SQL!
当我将值通过管道传输到命令参数时,我的查询没有返回任何结果。但是,如果我只是将变量直接包含在查询中,它就可以工作。
这是查询(为简洁起见,已将其剥离):
public DataTable select_advancedSearch(string collection)
{
string cnn = ConfigurationManager.ConnectionStrings[connname].ConnectionString;
using (SqlConnection connection = new SqlConnection(cnn))
{
string SQL = string.Empty;
SQL = "SELECT tbl1.ResourceID, tbl1.ItemTitle, tbl1.Type, tbl1.Description, tbl1.CollectionTitle ";
SQL += "FROM [ercHeritage].[dbo].[ERC_HERITAGE_CORE] tbl1 ";
SQL += "WHERE tbl1.CollectionTitle LIKE '%'+ @Input1 +'%' ";
using (SqlCommand command = new SqlCommand(SQL, connection))
{
command.Parameters.Add("@Input1", SqlDbType.NVarChar,255);
command.Parameters["@Input1"].Value = collection.Replace("'", "''").Trim();
DataTable MyTable = new DataTable();
try
{
connection.Open();
SqlDataAdapter MyAdaptor = new SqlDataAdapter();
MyAdaptor.SelectCommand = command;
MyAdaptor.Fill(MyTable);
}
catch (Exception)
{
System.Web.HttpContext.Current.Response.Write("There was a problem with your request.");
}
return MyTable;
}
}
}
任何答案表示赞赏!
谢谢艾伦