如何在c＃中實現搜索功能？

Question

Db names
Click on this Image to see search functionality

下面的代碼是用於搜索功能，請幫助我完成它，並建議選擇查詢[字符串的SQLSelect =「」]我應該把這裏完成我的搜索，如果你們有任何想法請與我分享我真的需要幫助在此先感謝..

protected void btn_search_Click(object sender, EventArgs e) 
{ 
    string status = dd_status.SelectedValue.Trim(); 
    string address = pacinput.Text.Trim(); 
    string prop_type = string.Empty; 
    foreach (ListItem item in DropDownCheckBoxes1.Items) 
    { 
     if (item.Selected) 
     { 
      prop_type += item.Value + ","; 
     } 
    } 
    string type = prop_type.Trim(); 
    string minbed = dd_minbed.SelectedValue.Trim(); 
    string maxbed = dd_maxbed.SelectedValue.Trim(); 
    string minprice = dd_minprice.SelectedValue.Trim(); 
    string maxprice = dd_maxprice.SelectedValue.Trim(); 
    string sqlSelect = ""; 
    SqlCommand cmd = new SqlCommand(sqlSelect, con); 
    SqlDataAdapter da = new SqlDataAdapter(cmd); 
    DataTable dt = new DataTable(); 
    da.Fill(dt); 
    Session["dt"] = dt; 
    Response.Redirect("property_list.aspx"); 
} 

Answer 1

正如評論中所述，請始終使用參數化查詢，以防止SQL注入。回到你真正的問題，你應該開始一個查詢字符串，它給你整個結果集。此外，根據用戶輸入不斷輸入過濾器並延長您的查詢：

var sql = new StringBuilder(); 

//This will select all records from your table 
sql.Append("SELECT FROM YOUR TABLE WHERE 1=1"); 

// Check your conditions here 
if (dd_status.SelectedValue != null) //Or some other condition 
    sql.Append(" AND STATUS = @status"); 
// ... and so on for each filter 

//Finally with your sql command add necessary parameters 
using (SqlCommand cmd = new SqlCommand(sql.ToString(), conn)) 
{ 
    if (dd_status.SelectedValue != null) 
     cmd.Parameters.AddWithValue("@status", dd_status.SelectedValue); 
    // ... and so on for each filter 
}