獲取查詢以處理參數和「like」

Question

我見過很多關於在Sql查詢和「like」中使用參數的問題，但我嘗試了所有我已經看到的編碼方式，但仍然無法獲得我的查詢結果。如果我在查詢本身中放置一個值，它運行良好。當我運行列出的第一個查詢時，出現錯誤「必須聲明標量變量」@Search「，但我認爲我是通過cmd.Parameters.AddWithValue語句來做到的。任何人都可以看到我可能做錯了什麼？ 。

  //Declare the connection object 
     SqlConnection Conn = new SqlConnection(); 
     Conn.ConnectionString = ConfigurationManager.ConnectionStrings["MyDatabase"].ConnectionString; 

     //Connect to the db 
     Conn.Open(); 

     //Define query 

     //This query doesn't work 
     string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%' + @Search + '%')"; 

     //This query doesn't work either 
     string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE @Search"; 

     //This query works 
     string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE 'MI'"; 

     //Declare the Command 
     SqlCommand cmd = new SqlCommand(sql, Conn); 

     //Add the parameters needed for the SQL query 
     cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%");   

     //Declare a SQL Adapter 
     SqlDataAdapter da = new SqlDataAdapter(sql, Conn); 

     //Declare a DataTable 
     DataTable dt = new DataTable(); 

     //Populate the DataTable 
     da.Fill(dt); 

     //Bind the Listview 
     lv.DataSource = dt; 
     lv.DataBind(); 

     dt.Dispose(); 
     da.Dispose(); 
     Conn.Close(); 

Answer 1

在你上面的代碼不使用的SqlDataAdapter的參數時，在下面的代碼，你會在命令中使用SqlDataAdapter。

//This query doesn't work 
    string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE @Search)"; 

    //Declare the Command 
    SqlCommand cmd = new SqlCommand(sql, Conn); 

    //Add the parameters needed for the SQL query 
    cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%"); 

    //Declare a SQL Adapter 
    SqlDataAdapter da = new SqlDataAdapter(); 

    **sa.SelectCommand = cmd** 

如果您想不使用這將工作的參數化查詢：

//Declare the connection object 
    //This query doesn't work 
    string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%" + **txtSearch.Text** + "%')"; 

    //Declare a SQL Adapter 
    SqlDataAdapter da = new SqlDataAdapter(sql, conn); 

Answer 2

string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE (State LIKE '%' + @Search + '%')"; 

cmd.Parameters.AddWithValue("@Search",txtSearch.Text); 

這應該工作

Answer 3

而不是使用一個SqlDataAdapter你可以使用SqlDataReader

SqlDataReader myReader = cmd.ExecuteReader(); 

DataTable dt = new DataTable(); 
dt.Load(myReader); 

你會在你的代碼注意到，該paramater連接到CMD未實際使用，因此SqlDataAdapter不知道該參數。

Answer 4

你的主要問題是，你不使用你已經建立，因爲此構造

SqlDataAdapter da = new SqlDataAdapter(sql, Conn); 

因此

你還沒有使用參數，唯一可行的查詢命令是不的一個使用任何（第三個）。你改變你使用的是構造後，你應該使用這個構造來代替（即使用SqlCommand創建的）

SqlDataAdapter da = new SqlDataAdapter(cmd); 

，以下兩種查詢將適用：

string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE @Search"; 
... 
cmd.Parameters.AddWithValue("@Search", "%" + txtSearch.Text + "%"); 

或本：

string sql = "SELECT CustomerID, LastName, FirstName, Email, Password, Address1, Address2, City, State, Zip, Phone, Fax FROM Customer WHERE State LIKE '%' + @Search + '%'"; 
... 
cmd.Parameters.AddWithValue("@Search", txtSearch.Text); 

Answer 5

除了接受的答案，不要忘記用方括號替換你的_，％。否則，它仍然會給出錯誤的結果。

txtSearch.Text.Replace("_","[_]").Replace("%","[%]")