0

我的网页上有一个搜索按钮,它应该从数据库中返回与输入的搜索词相似的主题名称,但是当我使用以下代码时我没有得到任何输出......请帮我做。 ..

这是我的 C# 代码

     protected void Button1_Click(object sender, ImageClickEventArgs e)
    {
        MySqlConnection connection = new MySqlConnection("server=localhost; database=e-learningsystem; uid=root; password=123;port=3307;");
        connection.Open();
        string srh = editbox_search.Type;
        try
        {
          MySqlCommand cmd = new MySqlCommand("SELECT * FROM subject WHERE Name= LIKE %'" + srh + "'%", connection);
            MySqlDataAdapter da = new MySqlDataAdapter(cmd);
            DataSet ds = new DataSet();
            da.Fill(ds);
            GridView1.DataSource = ds;
            GridView1.DataBind();
            connection.Close();

        }
        catch
        {
        }

asp.net 代码:

    <input name="editbox_search" class="editbox_search" id="editbox_search" 
              maxlength="80" type="text" 
              style="background-color: #99CCFF; margin-top: 0px; height: 15px;" runat="server" 
              enableviewstate="True" title="Search Courses:" clientidmode="Inherit" 
              dir="ltr" visible="True"/>            
        <asp:Button ID="Button1" 
              runat="server" Height="26px" Text="Go" Width="32px" />

    <asp:GridView ID="GridView1" runat="server" ShowFooter="True"
         Caption="<h3 style='background-color:teal;color:white;'>Search Results...</h3>" 
        BackColor="LightGoldenrodYellow" BorderColor="Tan" 
        BorderWidth="1px" CellPadding="2" ForeColor="Black" GridLines="None">
    </asp:GridView>
4

4 回答 4

0

试试这个查询

SELECT * FROM subject WHERE Name LIKE %'" + srh + "'%
于 2013-07-27T18:05:06.300 回答
0

试试这个:

protected void Button1_Click(object sender, ImageClickEventArgs e)
{
    MySqlConnection connection = new MySqlConnection("connection string removed");
    connection.Open();

    try
    {
        var cmd = new MySqlCommand("SELECT * FROM subject WHERE Name LIKE '%'+@input+'%'", connection);
        cmd.CommandType = CommandType.Text;
        cmd.Parameters.AddWithValue("@input", editbox_search.Text);
        MySqlDataAdapter da = new MySqlDataAdapter(cmd);
        MySqlDataReader dr = cmd.ExecuteReader();
        da.Fill(dr);
        GridView1.DataSource = dr;
        GridView1.DataBind();
        connection.Close();

    }
    catch (Exception e)
    {
       // log the exception
    }
}
于 2013-07-27T17:57:16.107 回答
0

您的查询有误,请按以下方式更正。

MySqlCommand cmd = new MySqlCommand("SELECT * FROM subject WHERE Name LIKE '%" + srh + "%'", connection);
于 2013-07-27T17:42:07.953 回答
0

首先,使用参数化命令来避免 SQL 注入。其次,我认为您要查找的值在Text输入的属性中,而不是Type属性中。最后,单引号超出匹配字符,即'%searchvalue%'.

protected void Button1_Click(object sender, ImageClickEventArgs e)
{
    MySqlConnection connection = new MySqlConnection("connection string removed");
    connection.Open();

    try
    {
        var cmd = new MySqlCommand("SELECT * FROM subject WHERE Name LIKE '%@input%'", connection);
        cmd.Parameters.Add("@input", editbox_search.Text);
        MySqlDataAdapter da = new MySqlDataAdapter(cmd);
        DataSet ds = new DataSet();
        da.Fill(ds);
        GridView1.DataSource = ds;
        GridView1.DataBind();
        connection.Close();

    }
    catch (Exception e)
    {
       // log the exception
    }

}

于 2013-07-27T17:48:12.327 回答