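I have a small problem with a SQL Server script: if I select the "name" radio button it should search by first name, but if I select "company" it should search by company name. This is the search button of a hotel program. The code below is the record search script, written in VB.NET using SQL.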
    #Region "GuestList"
    Sub SearchRecord()
        If TextBox1.Text = "" Then
            MsgBox("Please Insert The Key", MsgBoxStyle.Information, "Searching Record")
            TextBox1.Focus()
            Exit Sub
        End If
        Try
            If rdoname.Checked = True Then
                dtadapter = New SqlDataAdapter("select firstname as [First Name],lastname as [Last Name], address as [Address], country as [Country], company as [Company], datein as [Date In], dateout as [Date Out], note as [Note] from tcekin Where fistname = '" & TextBox1.Text & "'", connection)
            Else
                dtadapter = New SqlDataAdapter("select firstname as [First Name],lastname as [Last Name], address as [Address], country as [Country], company as [Company], datein as [Date In], dateout as [Date Out], note as [Note] from tcekin Where company = '" & TextBox1.Text & "%'", connection)
            End If
            Dim tcekin As New DataTable
            tcekin.Clear()
            dtadapter.Fill(tcekin)
            If tcekin.Rows.Count = Nothing Then
                MsgBox("Data Not Found", MsgBoxStyle.Information, "Attention")
                TextBox1.Clear()
                TextBox1.Focus()
                Exit Sub
            End If
        Catch ex As SqlException
            MsgBox(ex.Message, MsgBoxStyle.Information, "Attention")
        End Try
    End Sub
    #End Region
I call SearchRecord, but it doesn't work.
You will get fooled for this. Nice SQL injection... http://en.wikipedia.org/wiki/SQL_injection – 2010-11-24 06:23:13
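An added example, not part of the original post or the comment: the same search written with a parameterized query, so the text box value travels as data instead of being concatenated into the SQL string. It assumes the column is named firstname (as in the select list), that the trailing % in the company branch was meant as a prefix match, and that the columns are NVarChar; SearchGuests and EscapeLike are hypothetical names.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module GuestSearch
    ' Same column list and aliases as the posted query.
    Private Const SelectList As String =
        "SELECT firstname AS [First Name], lastname AS [Last Name], " &
        "address AS [Address], country AS [Country], company AS [Company], " &
        "datein AS [Date In], dateout AS [Date Out], note AS [Note] FROM tcekin "

    ' Escape T-SQL LIKE wildcards so the user's text is matched literally.
    ' "[" is handled first because the other replacements introduce brackets.
    Private Function EscapeLike(value As String) As String
        Return value.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]")
    End Function

    ' Hypothetical helper: returns the matching rows for either search mode.
    ' byName = True  -> exact match on firstname (assumed column name)
    ' byName = False -> prefix match on company (assumed intent of the "%")
    Function SearchGuests(connection As SqlConnection,
                          key As String,
                          byName As Boolean) As DataTable
        Dim sql As String
        Dim param As New SqlParameter("@key", SqlDbType.NVarChar)

        If byName Then
            sql = SelectList & "WHERE firstname = @key"
            param.Value = key
        Else
            sql = SelectList & "WHERE company LIKE @key"
            param.Value = EscapeLike(key) & "%"
        End If

        Dim result As New DataTable()
        Using adapter As New SqlDataAdapter(sql, connection)
            ' The value is bound to @key by the driver; quotes in the input
            ' cannot terminate the string literal or append statements.
            adapter.SelectCommand.Parameters.Add(param)
            adapter.Fill(result)
        End Using
        Return result
    End Function
End Module
```

SearchRecord would call `SearchGuests(connection, TextBox1.Text, rdoname.Checked)` and test `Rows.Count = 0` on the returned table.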