0

我开发了一个搜索页面,其中包含一个文本框控件,用于输入数字和按钮以在 Gridview 中显示相应的结果。页面功能关闭存储过程。当我手动输入数字时,通过 SQL Server 管理器运行 sql 查询返回预期结果,但在我的存储过程中使用时,我得到零结果。

这是按钮事件处理程序背后的代码:

Dim ds As New DataSet()

        Using connection As New SqlConnection(ConfigurationManager.ConnectionStrings("ShipperNotificationConnectionString1").ToString())
            Using command As New SqlCommand()
                command.CommandType = CommandType.StoredProcedure
                command.CommandText = "getPON"
                command.Connection = connection

                command.Parameters.AddWithValue("@PON", txtPON.Text)

                connection.Open()
                Dim a As New SqlDataAdapter(command)
                a.Fill(ds)
            End Using
        End Using

        gvPON.DataSource = ds
        gvPON.DataBind()

...以下是存储过程:

ALTER PROCEDURE [dbo].[getPON]
(
    @PON varchar
)
AS
BEGIN
  SELECT     SupplierCompany.company_name, SupplierCompany.Address1, SupplierCompany.Address2, SupplierCompany.City, SupplierCompany.State, 
                      SupplierCompany.Zip, Shipment_Po.PONumber, Shipment.TotalWeight, Shipment.NoOfPallets, Shipment.PalletIdentical
FROM         SupplierCompany INNER JOIN
                      Shipment ON SupplierCompany.Company_guid = Shipment.Company_Guid INNER JOIN
                      Shipment_Po ON Shipment.Shipment_Guid = Shipment_Po.Shipment_guid
             WHERE Shipment_Po.PONumber = '''+ @PON +'''
END

...有人可以提供一些方向吗?

4

1 回答 1

1

问题是存储过程。表达方式:

         WHERE Shipment_Po.PONumber = '''+ @PON +'''

是不是按照你的想法去做。它正在进行以下比较:

         WHERE Shipment_Po.PONumber = '+@PON+'

或类似的东西。换句话说,您将动态 SQL 表达式与常规 SQL 混合在一起。尝试做:

         WHERE Shipment_Po.PONumber = @PON

如果您担心转换为正确的类型:

         WHERE Shipment_Po.PONumber = (case when isnumeric(@PON) = 1 then cast(@PON as int) end)
于 2013-08-26T01:12:25.240 回答