How do I convert this line of code:

 Dim da As New SqlDataAdapter("select * from View_1 where Words_Sh like N'" & Me.txbSearch.Text & "%'", con)

into C#?

  SqlDataAdapter da = new SqlDataAdapter("select * from View_1 where Words_Sh like N'" + this.txbSearch..Text + "%'", con);
  // this line => error

1 Answer

You should always use parameterized queries. This kind of string concatenation is open to SQL injection attacks.

You should remove the extra dot in this.txbSearch..Text

  // The parameter is referenced in the SQL text, not spliced into it;
  // the trailing '%' wildcard is appended inside SQL.
  SqlCommand cmd = new SqlCommand("select * from View_1 where Words_Sh LIKE @txbSearch + '%'", con);
  cmd.Parameters.AddWithValue("@txbSearch", this.txbSearch.Text);
  // SqlDataAdapter takes the command; the command already carries the connection.
  SqlDataAdapter da = new SqlDataAdapter(cmd);
answered 2013-11-02T14:44:57.347
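A fuller version of the parameterized prefix search, added here as an example and not taken from the question or the answer above. It keeps the `View_1` and `Words_Sh` names from the question; the connection string, the `@prefix` parameter name, the column length of 200, and the helper names (`EscapeLikePattern`, `BuildPrefixSearchCommand`, `SearchByPrefix`) are assumptions made for this illustration. The unsafe builder is included only to show what the parameterized form replaces.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not code from the original post. Assumes a SQL Server
// connection string supplied by the caller and the View_1 / Words_Sh names
// used in the question; all helper names below are hypothetical.
public static class SearchQueries
{
    // UNSAFE, shown only for contrast: user input becomes part of the SQL text,
    // so a stray quote changes the statement instead of being searched for.
    public static string BuildUnsafeSql(string userInput)
    {
        return "select * from View_1 where Words_Sh like N'" + userInput + "%'";
    }

    // A parameter stops injection but not wildcards: a user typing "50%" would
    // otherwise match every row starting with "50". In T-SQL a bracket set such
    // as [%] matches the literal character, so no ESCAPE clause is needed.
    // '[' must be handled first so the brackets added afterwards are not re-escaped.
    public static string EscapeLikePattern(string value)
    {
        return value
            .Replace("[", "[[]")
            .Replace("%", "[%]")
            .Replace("_", "[_]");
    }

    // SAFE: the SQL text is constant; the search prefix travels as a typed value.
    public static SqlCommand BuildPrefixSearchCommand(SqlConnection con, string userInput)
    {
        var cmd = new SqlCommand(
            "select * from View_1 where Words_Sh like @prefix + N'%'", con);

        // Declaring the type and length explicitly avoids AddWithValue's type
        // inference; the length (200, assumed) should match the column.
        cmd.Parameters.Add("@prefix", SqlDbType.NVarChar, 200).Value =
            EscapeLikePattern(userInput ?? string.Empty);
        return cmd;
    }

    public static DataTable SearchByPrefix(string connectionString, string userInput)
    {
        using (var con = new SqlConnection(connectionString))
        using (var cmd = BuildPrefixSearchCommand(con, userInput))
        using (var da = new SqlDataAdapter(cmd))   // takes the command only
        {
            var table = new DataTable();
            da.Fill(table);   // Fill opens and closes the connection itself
            return table;
        }
    }
}
```

In a WinForms handler this would be called as `SearchByPrefix(connectionString, this.txbSearch.Text)` and the returned `DataTable` bound to a grid. The unsafe builder and the safe command can be compared with the same input, for example `x' OR 1=1 --`: the first yields a statement whose WHERE clause is no longer a prefix match, the second searches for that literal text.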