我目前正在嘗試在VB.NET中的頁面上創建一個搜索功能,這將允許我從名爲txtSearch的文本框中搜索數據庫中的customerID,然後將其呈現到數據網格中。SQL for oledbDataAdapter搜索功能
到目前爲止,我可以用
SELECT * FROM Customers WHERE CustomerID LIKE 'A%'
顯示在客戶的手工,但無法弄清楚如何使用將被輸入到文本框中的數據替換一個。
您可以使用parameters在傳遞到查詢,使用的語法如下:
SELECT * FROM Customers
WHERE CustomerID LIKE @SearchTerm + '%'
在VB.NET:
Dim strQry as String =
"SELECT * FROM Customers WHERE CustomerID LIKE @SearchParam + '%'"
Dim cmd as SqlCommand = new SqlCommand(strQry, connection)
cmd.CommandType= CommandType.Text
Dim prm As SqlParameter = new SqlParameter("@SearchParam",SqlDbType.VarChar,50)
prm.Direction=ParameterDirection.Input
prm.Value = txtUser.Text
cmd.Parameters.Add(prm)
嘗試使用下面的代碼(只是初始化連接):
Dim dataTable As New DataTable()
Using connection As New OleDbConnection()
'connection.ConnectionString = String.Format("Provider=Microsoft.Jet.OLEDB.4.0;Data Source={0}", MapPath("~/App_Data/nwind.mdb"))
Dim adapter As New OleDbDataAdapter(String.Empty, connection)
adapter.SelectCommand.CommandText = String.Format("SELECT * FROM [Customers] WHERE [CustomerID] LIKE @SearchTerm + '%'")
Dim parameter As OleDbParameter = adapter.SelectCommand.Parameters.Add("@SearchTerm", OleDbType.VarChar)
parameter.Value = txtSearch.Text.Trim()
adapter.Fill(dataTable)
End Using
該方法將允許連接所需的SELECT狀態nt,並避免SQL Injections。