2017-07-31 18 views
0

I want to display some data on a Crystal Report. After writing the code, the ISSUED section of the report displays fine, but the RECEIVED section shows only the first record in the selected range, repeated several times. Here is the code that displays data from two tables in a Crystal Report in C#:

public DataSet itembincardreport(string date1, string date2, string itemcode)
{
    Connection cs = new Connection();
    DataSet ds = new DataSet();

    // The item code and dates are concatenated straight into the SQL text.
    string sql = "select * from ISSUED, RECEIVED WHERE ISSUED.ITEMCODE=RECEIVED.ITEMCODE"
        + " AND ISSUED.ITEMCODE = '" + itemcode + "'"
        + " AND RECEIVED.ITEMCODE = '" + itemcode + "'"
        + " and ISSUED.TRANSDATE between '" + Convert.ToDateTime(date1) + "' and '" + Convert.ToDateTime(date2) + "'"
        + " and RECEIVED.TRANSDATE between '" + Convert.ToDateTime(date1) + "' and '" + Convert.ToDateTime(date2) + "'";

    // The adapter opens its own connection from the connection string.
    SqlDataAdapter dadbt = new SqlDataAdapter(sql, cs.DBcon);
    dadbt.Fill(ds);
    dadbt.Dispose();
    return ds;
}
+0

Here is a screenshot of what I get [1]: https://i.stack.imgur.com/8zOk7.jpg – Pumpin101

+1

What if you run the SQL query in a query tool? Are the same rows repeated? –

Answer

0

The root cause of your problem is the query. Whether the RECEIVED and ISSUED tables have multiple matching rows I cannot say (you need to post better sample table data than the screenshot given), but the query in your string should be written like this:

string sql = 
    @"select * 
    from 
     ISSUED 
     inner join 
     RECEIVED 
     on 
     ISSUED.ITEMCODE=RECEIVED.ITEMCODE -- this is probably the fault 
              -- try joining on ISSUEDID = RECEIVED instead?? 
    where 
     ISSUED.ITEMCODE = @itemcode and 
     ISSUED.TRANSDATE between @date1 and @date2 and 
     RECEIVED.TRANSDATE between @date1 and @date2"; 

And in the code behind, you should call:

var c = new SqlCommand();
c.CommandText = sql;
c.Connection = mycon;
// Bind the values as parameters; the driver keeps them separate from the SQL text.
c.Parameters.AddWithValue("@itemcode", itemcode);
c.Parameters.AddWithValue("@date1", Convert.ToDateTime(date1)); //you should make the method argument a DateTime
c.Parameters.AddWithValue("@date2", Convert.ToDateTime(date2)); //you should make the method argument a DateTime

SqlDataAdapter dadbt = new SqlDataAdapter(c);

That is how to correctly do database queries with parameters. Now, whether there are duplicate rows or not is purely down to the data in the tables*, but at least your SQL is not vulnerable to a hacker adding '; DROP table issued; -- to the item code and messing up your world

*Post some detailed sample data if you need help and I'll edit this answer. Take a look at SQLFiddle.com
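As an added example (not code from the question or the answer), the same two-table query in Python against an in-memory sqlite3 database with constructed ISSUED and RECEIVED rows: it shows why a join on ITEMCODE alone multiplies rows, and why the concatenated query breaks on a legitimate apostrophe in the item code while the parameterized version does not. The table layout, column names and data are assumptions.

```python
import sqlite3
# Constructed sample data (not from the original post): one item code with
# two ISSUED rows and three RECEIVED rows inside the report's date range.
ISSUED = [("A100", "2017-07-01", 5), ("A100", "2017-07-10", 3)]
RECEIVED = [("A100", "2017-07-02", 20), ("A100", "2017-07-05", 10),
            ("A100", "2017-07-12", 7)]

def make_db():
    con = sqlite3.connect(":memory:")
    for table, rows in (("ISSUED", ISSUED), ("RECEIVED", RECEIVED)):
        con.execute(f"CREATE TABLE {table} (ITEMCODE TEXT, TRANSDATE TEXT, QTY INTEGER)")
        con.executemany(f"INSERT INTO {table} VALUES (?, ?, ?)", rows)
    return con

def concatenated_query(con, itemcode, date1, date2):
    # Question's approach: values pasted into the SQL text, so an apostrophe
    # in itemcode alters the statement instead of staying data.
    sql = ("SELECT * FROM ISSUED, RECEIVED "
           "WHERE ISSUED.ITEMCODE = RECEIVED.ITEMCODE "
           "AND ISSUED.ITEMCODE = '" + itemcode + "' "
           "AND ISSUED.TRANSDATE BETWEEN '" + date1 + "' AND '" + date2 + "' "
           "AND RECEIVED.TRANSDATE BETWEEN '" + date1 + "' AND '" + date2 + "'")
    return con.execute(sql).fetchall()

def parameterized_query(con, itemcode, date1, date2):
    # Answer's approach: named placeholders, values bound by the driver.
    sql = """SELECT * FROM ISSUED
             INNER JOIN RECEIVED ON ISSUED.ITEMCODE = RECEIVED.ITEMCODE
             WHERE ISSUED.ITEMCODE = :itemcode
               AND ISSUED.TRANSDATE BETWEEN :date1 AND :date2
               AND RECEIVED.TRANSDATE BETWEEN :date1 AND :date2"""
    params = {"itemcode": itemcode, "date1": date1, "date2": date2}
    return con.execute(sql, params).fetchall()

def fan_out(con, itemcode, date1, date2):
    # Joining only on ITEMCODE pairs every ISSUED row with every RECEIVED row
    # for the item, so the join returns issued * received rows (the repetition).
    count = "SELECT COUNT(*) FROM {} WHERE ITEMCODE = ? AND TRANSDATE BETWEEN ? AND ?"
    args = (itemcode, date1, date2)
    n_iss = con.execute(count.format("ISSUED"), args).fetchone()[0]
    n_rec = con.execute(count.format("RECEIVED"), args).fetchone()[0]
    return n_iss, n_rec, n_iss * n_rec

def concatenation_breaks_on_quote(con, itemcode="O'RING"):
    # A legitimate item code with an apostrophe is a syntax error for the
    # concatenated query; the parameterized query simply returns no rows.
    try:
        concatenated_query(con, itemcode, "2017-07-01", "2017-07-31")
    except sqlite3.OperationalError:
        return True
    return False
```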

+0

Do you mean I should write the query like this – Pumpin101

+0

This is how you should always write all your SQL queries in your C# programs. This is bad: 'SELECT * FROM table WHERE column = '" + myvariable + "''. This is good: 'SELECT * FROM table WHERE column = @searchParameter'. For more information, google 'parameterized queries' –

+0

I need to chat with you or send mail... this is my email ID [email protected], please email me, I need to be in touch with you because I still find it hard to execute the query – Pumpin101
