如何從文本框中執行SQL並顯示在datagridview中？

Question

這裏是代碼片段

string search = textBox1.Text; 
int s = Convert.ToInt32(search); 
string conn="Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\\Data.accdb"; 
string query="SELECT playerBatStyle FROM Player where playerID='" + s + "; 
OleDbDataAdapter dAdapter=new OleDbDataAdapter (query ,conn); 
OleDbCommandBuilder cBuilder=new OleDbCommandBuilder (dAdapter); 
DataTable dTable=new DataTable(); 
dAdapter .Fill (dTable); 
dataGridView1.DataSource = dTable; 

Answer 1

您發佈的代碼看起來還好。一些更正雖然：

... 
    //fix lots of missing quotation marks 
    string query="SELECT playerBatStyle FROM Player where playerID='" + s + "' "; 
    ... 
    dataGridView1.DataBind(); //yes, we should call DataBind 

Answer 2

PlayerID看起來int型我，這意味着你不需要把單引號周圍

string query = "SELECT playerBatStyle FROM Player where playerID=" + s + "; 

在最後你會做dataGridView1.DataBind();，如果你想在DataGridView中顯示結果

在附註上總是建議用戶parametrized query而不是查詢中的協調值，這不是安全的

Answer 3

您在where子句中有未封閉的單引號。試試這個：

string query = String.Format("SELECT playerBatStyle FROM Player where playerID={0}", s); 

Answer 4

正如其他人所說，s是int類型，以便在查詢不需要報價，你需要的數據綁定線。另外，如果你還不是，那麼在嘗試將其轉換爲整數之前，你需要檢查文本框中是否存在一個實際存在的值。您不需要OleDbCommandBuilder，因爲DataAdapter將內部命令作爲SelectCommand屬性進行處理。絕對考慮使用參數化查詢，這將減少sql注入漏洞。

下面結合我的建議：

if (textBox1.Text != "") 
{ 
    string search = textBox1.Text; 
    int s = Convert.ToInt32(search); 
    string conn = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\Local Docs\\Temp\\Data.accdb"; 
    string query = "SELECT playerBatStyle FROM Player where playerID=@playerID"; 
    OleDbDataAdapter dAdapter = new OleDbDataAdapter(query, conn); 
    dAdapter.SelectCommand.Parameters.AddWithValue("@playerID", s); 
    DataTable dTable = new DataTable(); 
    dAdapter.Fill(dTable); 
    dataGridView1.DataSource = dTable; 
    dataGridView1.DataBind(); 
} 

Answer 5

看看this example可以幫助你，

問候。

Answer 6

使用此查詢來檢索與用戶搜索數據

"Select playerBatStyle from Player where Player like %'"+s+"'";