0
我使用dynamicSQL這段代碼。DynamicSQL with ASP.NET參數未設置
問題是,在@ID_USER和@SEARCH停留在SQL查詢原始當我在運行時檢查cmd.CommandText價值,它讀取
"SELECT Comment FROM Comments WHERE UserId = @ID_USER AND Comment like '% @SEARCH %'"
所以語法是否正確和cmd.Parameters ResultView .SqlValuein VS2012爲我提供了正確的@USER_ID和@SEARCH 的輸入值謝謝。
{
List<string> searchResults = new List<string>();
//Get current user from default membership provider
MembershipUser user = Membership.Provider.GetUser(HttpContext.User.Identity.Name, true);
if (user != null)
{
if (!string.IsNullOrEmpty(searchData))
{
// SqlCommand cmd = new SqlCommand("Select Comment from Comments where UserId = '" + user.ProviderUserKey + "' and Comment like '%" + searchData + "%'", _dbConnection);
/**********************************************/
_dbConnection.Open();
const string QUERY =
@"SELECT Comment" +
@" FROM Comments" +
@" WHERE UserId = @ID_USER" +
@" AND Comment like '% @SEARCH %'";
var cmd = new SqlCommand(QUERY, _dbConnection);
cmd.Parameters.AddWithValue("@ID_USER", user.ProviderUserKey.ToString());
cmd.Parameters.AddWithValue("@SEARCH", searchData.ToString());
/**********************************************/
SqlDataReader rd = cmd.ExecuteReader();
while (rd.Read())
{
searchResults.Add(rd.GetString(0));
}
rd.Close();
_dbConnection.Close();
}
}
return View(searchResults);
}
你確定嗎?我在看那個頁面:http://stackoverflow.com/questions/1124723/how-to-add-quotes-to-a-dynamic-sql-command 現在它說名字'ID_USER'不存在在當前的情況下... –
我肯定有點什麼? – GarethD
它現在正在處理您的代碼,非常感謝,非常感謝 –