CSHTML - SQL QUERY .... WHERE NAME = @ NameOne

2011-07-22 31 views 0 likes

我正在使用ASP.NET Razor。CSHTML - SQL QUERY .... WHERE NAME = @ NameOne

<form style="display:inline" name="formular1" method="post" action="default.cshtml"> 
          <select name="phone1" class="dropdown"> 
          @foreach(var row in db.Query("SELECT * FROM Handy")){ 
       <option value="@row.Handyname">@row.Handyname</option> 
      } 
             </select> 
     vs. 
          <select name="phone2" class="dropdown"> 
              @foreach(var row in db.Query("SELECT * FROM Handy")){ 
       <option value="@row.Handyname">@row.Handyname</option> 
      } 
             </select> 
     <input type="submit"/ value="Compare"> 
     </form> 
     @{ 
      var phoneOne = ""; 
      var phoneTwo = ""; 
        if(IsPost){ 

         // request input of the select forms 
         phoneOne = Request["phone1"]; 
         phoneTwo = Request["phone2"]; 
        } 
       }          
    </div> 

    <div class="content"> 
     <div class="start"> 
      <p><h2>@phoneOne</h2></p> 
      <ul> 
      @{ 
       if(IsPost){ 
        foreach(var row in db.Query("SELECT * FROM Handy WHERE [email protected]")){ 
       <li>processor: @row.Prozessor GHz</li> 
       <li>memory: @row.RAM MB Ram</li> 
       <li>weight: @row.Gewicht g</li> 
       <li>display: @row.Display ''</li> 
       <li>OS: @row.OS</li> 
      } 
       } 
      } 


      </ul> 
     </div>

獲取查詢錯誤：WHERE Handyname = @ phoneOne ...把它們全部正常工作。我究竟做錯了什麼？

謝謝:)！

來源

2011-07-22 gausss

什麼是錯誤？ SQL錯誤還是Razor？ – GalacticCowboy

回答

還不是很確定，但我認爲你需要更換此：

foreach(var row in db.Query("SELECT * FROM Handy WHERE [email protected]"))

有了這個：

foreach(var row in db.Query("SELECT * FROM Handy WHERE Handyname= " + phoneOne))

來源

2011-07-22 22:50:22 goenning

如果你採用這種方式，你需要非常小心地防止[SQL注入攻擊]（http://en.wikipedia.org/wiki/SQL_injection）。 –

如上所述here，請嘗試以下操作：

foreach(var row in db.Query("SELECT * FROM Handy WHERE [email protected]@phoneOne")){

來源

2011-07-22 23:51:47

是db Razor中對數據庫組件的引用？如果是這樣，它使用@ 0，@ 1，（索引）而不是命名參數。

foreach(var row in db.Query("SELECT * FROM Handy WHERE [email protected]"))

並通過該方法中的參數集合傳遞值。

來源

2011-09-16 01:52:40

相關問題

1. Where where sql query
2. SQLite Count where query
3. Timediff calucate where query
4. Laravel 5 Where Query
5. findFiles by where file name = some name？
6. fusiontable query for where
7. mysql complex where query
8. getContentResolver（）。query android where where子句
9. Sql where，order by，having和groupby query
10. $ _GET Double「WHERE」函數？name = Hannes

11. Generic DBContext for Where Query
12. MySQL Query Select Distinct Where
13. mongoose query .where/.and after .populate
14. sql query distinct join
15. MySQL Query where where Field_x`` Field_y` is lower than equal
16. SQL QUERY：複合
17. SQL QUERY ISSUE（NOT IN）
18. MSACCESS DateTIME SQL QUERY
19. Sql query building
20. sql query question/count
21. SQL Query - count - max
22. Activerecord query .where string as number
23. MySQL Query - SELECT DISTINCT ...（WHERE）問題
24. Rails 3. Where NOT query。如何？
25. Sql Select Query Timeout
26. PowerShell Where-Object $ _。name-like -in $ list
27. Sql server top query
28. INNER JOIN SQL QUERY
29. SQL PDO Query（）方法
30. sql query .. confused