2015-11-05 49 views
-3

我有錯誤的文本框搜索數據庫。 數據庫是Northwind.dbo我有錯誤,當我搜索數據庫與文本框[C#]

當我在文本框中鍵入一個字符。它有這個錯誤 謝謝你的回答

enter image description here

enter image description here

using System; 
using System.Collections.Generic; 
using System.ComponentModel; 
using System.Data; 
using System.Drawing; 
using System.Linq; 
using System.Text; 
using System.Threading.Tasks; 
using System.Windows.Forms; 
using System.Data.SqlClient; 

namespace Lab10_2 { 
public partial class Form1 : Form 
{ 
    SqlConnection Conn; 
    SqlCommand Cmd; 
    SqlDataAdapter da; 
    DataSet ds; 
    DataTable dt; 
    SqlCommandBuilder CmdBld; 

    public Form1() 
    { 
     InitializeComponent(); 
    } 
    private void Form1_Load(object sender, EventArgs e) 
    { 
     savebtn.Enabled = false; 
     delbtn.Enabled = false; 
     editbtn.Enabled = false; 

     String StrConn = "Data Source=POOMJIRAROJ;Initial Catalog=Northwind;Integrated Security=True;Connect Timeout=15;Encrypt=False;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False"; 
     Conn = new SqlConnection(StrConn); 
     Conn.Open(); 
    } 
    private void loadbtn_Click(object sender, EventArgs e) 
    { 
     loadbtn.Enabled = false; 
     editbtn.Enabled = true; 
     delbtn.Enabled = false; 
     savebtn.Enabled = false; 

     String StrQry = "select *From Customers"; 
     Cmd = new SqlCommand(StrQry,Conn); 

     da = new SqlDataAdapter(Cmd); 
     ds = new DataSet(); 
     dt = new DataTable(); 
     da.Fill(ds, "Customers"); 
     dt = ds.Tables["Customers"]; 

     CmdBld = new SqlCommandBuilder(da); 

     dataGridView1.DataSource = dt; 
     dataGridView1.ReadOnly = true; 
     dataGridView1.SelectionMode = DataGridViewSelectionMode.FullRowSelect; 
     Conn.Close(); 
    } 
    private void editbtn_Click(object sender, EventArgs e) 
    { 
     dataGridView1.ReadOnly = false; 
     loadbtn.Enabled = false; 
     editbtn.Enabled = true; 
     delbtn.Enabled = true; 
     savebtn.Enabled = true; 
    } 
    private void savebtn_Click(object sender, EventArgs e) 
    { 
     da.Update(dt); 
     dataGridView1.ReadOnly = true; 

     savebtn.Enabled = false; 
     delbtn.Enabled = false; 
     editbtn.Enabled = true; 
    } 
    private void delbtn_Click(object sender, EventArgs e) 
    { 
     if(MessageBox.Show("Delete This Row","Delete",MessageBoxButtons.YesNo) == DialogResult.Yes) 
     { 
      dataGridView1.Rows.RemoveAt(dataGridView1.SelectedRows[0].Index); 
      da.Update(dt); 
     } 
    } 
    private void txtSearch_TextChanged(object sender, EventArgs e) 
    { 
     SqlDataAdapter StrQry = new SqlDataAdapter("Select CustomerID, CompanyName, ContractTitle, Country From Customers Where (CompanyName ' %" +txtSearch.Text+ "% ')", Conn); 
     ds = new DataSet(); 
     StrQry.Fill(ds); 
     dataGridView1.DataSource = ds; 
    } 
} 
} 
+0

您錯過了'LIKE'關鍵詞 – MethodMan

回答

1

你缺少在WHERE子句中的操作

SqlDataAdapter StrQry = new SqlDataAdapter(@" 
      Select CustomerID, CompanyName, ContractTitle, Country 
      From Customers Where CompanyName LIKE @search", Conn); 
StrQuery.SelectCommand.Parameters.Add("@search", SqlDbType.NVarWChar).Value = "%" + txtSearch.Text +"%"; 

的操作者需要完成where子句,我使用LIKE來搜索永遠y文本包含輸入的字母並使用參數執行搜索

從不使用字符串連接來構建sql命令。您的代碼可能會被一個簡單的技術侵入,這個簡單的技術叫做Sql Injection