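I have seen many questions about using parameters with SQL queries and "LIKE", but I have tried every way I can think of to write the code and still can't get my query to return results. If I put a value in the query itself, it runs fine. When I run the first query listed, I get the error "Must declare the scalar variable "@Search"", but I thought I did that with the cmd.Parameters.AddWithValue statement. Can anyone see what I might be doing wrong? Any help is appreciated.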
//Declare the connection object
SqlConnection Conn = new SqlConnection();
Conn.ConnectionString = ConfigurationManager.ConnectionStrings["MyDatabase"].ConnectionString;
//Connect to the db
Conn.Open();
//Define query
//This query doesn't work
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%' + @Search + '%')";
//This query doesn't work either
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE @Search";
//This query works
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE 'MI'";
//Declare the Command
SqlCommand cmd = new SqlCommand(sql, Conn);
//Add the parameters needed for the SQL query
cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");
//Declare a SQL Adapter
SqlDataAdapter da = new SqlDataAdapter(sql, Conn);
//Declare a DataTable
DataTable dt = new DataTable();
//Populate the DataTable
da.Fill(dt);
//Bind the Listview
lv.DataSource = dt;
lv.DataBind();
dt.Dispose();
da.Dispose();
Conn.Close();
In the code above, you are not using the parameters in the SqlDataAdapter; in the code below, you use the command in the SqlDataAdapter.
//This query doesn't work
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE @Search)";
//Declare the Command
SqlCommand cmd = new SqlCommand(sql, Conn);
//Add the parameters needed for the SQL query
cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");
//Declare a SQL Adapter
SqlDataAdapter da = new SqlDataAdapter();
da.SelectCommand = cmd;
If you don't want to use a parameterized query, this will work:
//Declare the connection object
//This query doesn't work
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%" + txtSearch.Text + "%')";
//Declare a SQL Adapter
SqlDataAdapter da = new SqlDataAdapter(sql, Conn);
Your main problem is that you are not using the command you built, because of this constructor:
SqlDataAdapter da = new SqlDataAdapter(sql, Conn);
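As a result you are not using the parameters either, and the only query that works is the one that doesn't use any (the third one). You should use this constructor instead (the one that takes the SqlCommand you created):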
SqlDataAdapter da = new SqlDataAdapter(cmd);
After changing the constructor you use, either of the following queries will work:
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE @Search";
...
cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");
Or this one:
string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE '%' + @Search + '%'";
...
cmd.Parameters.AddWithValue("@Search", txtSearch.Text);
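The fix from the answers above, put together as an added example (not code from the question or from any answer): the adapter is built from the parameterized SqlCommand, the parameter is typed explicitly, and LIKE wildcards in the user's text are escaped so they match literally. The class and method names, the NVarChar(50) parameter type and the omission of the Password column are assumptions made for this sketch.

```csharp
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper class; the names are illustrative, not from the original page.
public static class CustomerSearch
{
    // Escape T-SQL LIKE metacharacters so user input is matched literally.
    // '[' is handled first so the brackets added for '%' and '_' are not re-escaped.
    public static string EscapeLike(string input)
    {
        return input.Replace("[", "[[]")
                    .Replace("%", "[%]")
                    .Replace("_", "[_]");
    }

    public static DataTable FindByState(string search)
    {
        // Password is left out on purpose: a search result list does not need it.
        const string sql =
            "SELECT CustomerID, LastName, FirstName, Email, Address1, Address2, " +
            "City, State, Zip, Phone, Fax " +
            "FROM Customer WHERE State LIKE @Search";

        string connStr =
            ConfigurationManager.ConnectionStrings["MyDatabase"].ConnectionString;

        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        using (var da = new SqlDataAdapter(cmd)) // adapter built from the command, so @Search is bound
        {
            // Assumed column type/length; a typed parameter avoids AddWithValue's type inference.
            cmd.Parameters.Add("@Search", SqlDbType.NVarChar, 50).Value =
                "%" + EscapeLike(search ?? string.Empty) + "%";

            var dt = new DataTable();
            da.Fill(dt); // Fill opens and closes the connection itself
            return dt;
        }
    }
}

// Usage in the page's code-behind:
//   lv.DataSource = CustomerSearch.FindByState(txtSearch.Text);
//   lv.DataBind();
```

Because the search text travels only as a parameter value, it is never parsed as SQL, unlike the string-concatenated variant shown earlier on the page.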