2

这是一个简单的搜索页面 (search.aspx?title=Hello),我想在数据库中查询类似的匹配项。根据微软文档(http://msdn.microsoft.com/en-us/library/system.data.oledb.oledbparameter.aspx请参阅:备注)这是正确的方法,但参数(?)永远不会设置为查询字符串的值。 

        string sqlcmd = "SELECT * FROM TableName WHERE Title LIKE ?";

        OleDbCommand command = new OleDbCommand(sqlcmd, sqlcon);

        OleDbParameter p1 = new OleDbParameter("@p1", OleDbType.WChar);
        p1.Value =  Request.QueryString["title"];         

        OleDbDataAdapter da = new OleDbDataAdapter(command);
        da.SelectCommand.Parameters.Add(p1);

        DataTable dt = new DataTable();
        da.Fill(dt);

该参数永远不会更改为查询字符串,它只是执行查询 

        SELECT * FROM Table WHERE Title LIKE ?
4

2 回答 2

1

您可以尝试以下方法:

"SELECT * FROM Table WHERE Title LIKE @p1"

我认为这是在 ADO.Net 命令文本中使用参数时的惯例。

于 2013-10-17T21:00:06.080 回答
0

Here is my solution, you need to have single quotes around the question mark for the SQL to work. Complete solution:

sqlcon.Open();

        string sqlcmd = "SELECT * FROM TableName WHERE Title LIKE '%?%'";

        OleDbCommand command = new OleDbCommand(sqlcmd, sqlcon);     

        command.Parameters.Add(new OleDbParameter("p1", Request.QueryString["Title"]));

        OleDbDataAdapter da = new OleDbDataAdapter(command);

        DataTable dt = new DataTable();
        da.Fill(dt);
于 2013-10-17T23:37:01.500 回答