2014-03-13 26 views
1

The scenario is that any one or more of the TextBoxes may be non-empty, and the matching records should be shown in the DataGridView. That is, filter the DataGrid using whichever textboxes have been filled in.

I think my SQL is incorrect.

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click 

    Dim Command1 As New OleDbCommand 

    Dim i2 As Integer 
    Dim sql1 As String 

    Try 
     Dim cnn3 = New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=StudentInfoSysDB.accdb;") 
     cnn3.Open() 
     If txtID.Text <> "" OrElse txtLastN.Text <> "" OrElse txtFirstN.Text <> "" OrElse txtMiddleN.Text <> "" OrElse txtCourse.Text <> "" OrElse txtYear.Text <> "" OrElse txtGender.Text <> "" OrElse txtSection.Text <> "" Then 

      sql1 = "Select * from Students Where([ID],[LastName],[FirstName],[MiddleName],[Course],[Year],[Gender],[Section]) VALUES('" & txtID.Text & "','" & txtLastN.Text & "','" & txtFirstN.Text & "','" & txtMiddleN.Text & "','" & txtCourse.Text & "','" & txtYear.Text & "','" & txtGender.Text & "','" & txtSection.Text & "')" 
      Command1 = New OleDbCommand(sql1, cnn3) 
      i2 = Command1.ExecuteNonQuery 
      MessageBox.Show("Searching Done!") 
      ds.Clear() 
      Refresh() 
      cnn3.Close() 
     Else 
      MsgBox("Please Input Atleast 1 Field") 
     End If 
    Catch ex As Exception 

    End Try 

End Sub 
+2

Please do not replace the original question with a new question based on the answer. Edit the question by adding an update, or in the answer – equisde

Answers

1

You are right. Your SELECT statement is wrong. The SQL SELECT syntax is:

SELECT column_name,column_name 
FROM table_name; 

Never concatenate user input into the application's SQL to form the statement sent to the database; this is how you avoid SQL injection attacks. The simple way is to use parameterized statements. A parameterized statement is one in which the variable parts of the SQL are replaced by markers (usually ?).

You should do it like this to populate the DataGridView with the results:

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

    ' The connection string must be a quoted string literal
    Dim Connection As New OleDb.OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=StudentInfoSysDB.accdb;")

    Try

        Connection.Open()

        ' Every user value travels as a parameter. OleDb uses positional "?" markers,
        ' so the parameters below must be added in the same order as the "?" placeholders.
        Dim SQLQuery = "SELECT * FROM Students WHERE ID = ? OR FirstName = ? OR MiddleName = ? " & _
                       " OR LastName = ? OR Course = ? OR Year = ? OR Gender = ? OR Section = ?"

        Dim sqlcommand As New OleDbCommand
        With sqlcommand
            .CommandText = SQLQuery
            .Connection = Connection
            ' The names (@p1 ...) are labels only; binding is by position.
            ' If ID is a numeric column, passing txtID.Text as text can raise
            ' "Data type mismatch in criteria expression" when the adapter runs the query.
            .Parameters.AddWithValue("@p1", txtID.Text)
            .Parameters.AddWithValue("@p2", txtFirstN.Text)
            .Parameters.AddWithValue("@p3", txtMiddleN.Text)
            .Parameters.AddWithValue("@p4", txtLastN.Text)
            .Parameters.AddWithValue("@p5", txtCourse.Text)
            .Parameters.AddWithValue("@p6", txtYear.Text)
            .Parameters.AddWithValue("@p7", txtGender.Text)
            .Parameters.AddWithValue("@p8", txtSection.Text)
        End With

        Dim ds As New DataSet

        ' The adapter executes the SELECT and fills the DataSet with the result rows
        Dim Adapter As New System.Data.OleDb.OleDbDataAdapter(sqlcommand)

        Adapter.Fill(ds)

        DataGridView1.DataSource = ds.Tables(0)

    Catch ex As Exception

        MsgBox(ex.Message)

    Finally

        ' Release the connection even when the query fails
        Connection.Close()

    End Try

End Sub

Note: the code above does not combine the fields for the search. It finds any record that matches the input of any one of the textboxes.

+0

Edited, please leave a comment. Please check, thanks –

+0

Sorry, my mistake. It should be 'Dim Adapter As New System.Data.OleDb.OleDbDataAdapter(sqlcommand)'. Edited – equisde

+0

"Data type mismatch in criteria expression", the error highlights Adapter.Fill(ds1) –
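As an added example (not code from the question or the answer above), here is one way to search using only the textboxes that were actually filled in while still binding every user value as an OleDb parameter. It assumes a Students table with the column names used on this page and treats ID as a numeric column; that type is an assumption the page does not state, but a text value bound against a numeric column is one common cause of the "Data type mismatch in criteria expression" error in the last comment.

```vbnet
Imports System.Data
Imports System.Data.OleDb
Public Class StudentSearch
    ' Connection string copied from the answer above; the .accdb is assumed to sit beside the executable.
    Private Const ConnStr As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=StudentInfoSysDB.accdb;"
    ' Builds the WHERE clause from the filled-in textboxes only and returns the matching rows.
    ' filters maps column name -> text typed by the user; blank entries are skipped, so a blank
    ' textbox never becomes a parameter (comparing a numeric ID column against "" is one common
    ' cause of "Data type mismatch in criteria expression").
    Public Shared Function SearchStudents(filters As IDictionary(Of String, String)) As DataTable
        ' Whitelist of searchable columns with their assumed Access types. Column names never come
        ' from user input; only the values do, and those are always bound as parameters.
        Dim columnTypes As New Dictionary(Of String, OleDbType) From {
            {"ID", OleDbType.Integer}, {"LastName", OleDbType.VarWChar}, {"FirstName", OleDbType.VarWChar},
            {"MiddleName", OleDbType.VarWChar}, {"Course", OleDbType.VarWChar}, {"Year", OleDbType.VarWChar},
            {"Gender", OleDbType.VarWChar}, {"Section", OleDbType.VarWChar}}
        Dim conditions As New List(Of String)
        Dim cmd As New OleDbCommand()
        For Each kv In filters
            If String.IsNullOrWhiteSpace(kv.Value) OrElse Not columnTypes.ContainsKey(kv.Key) Then Continue For
            ' OleDb binds by position: the n-th "?" gets the n-th parameter added, whatever its name,
            ' so conditions and parameters are appended in lock-step.
            conditions.Add("[" & kv.Key & "] = ?")
            Dim p As OleDbParameter = cmd.Parameters.Add("@" & kv.Key, columnTypes(kv.Key))
            If columnTypes(kv.Key) = OleDbType.Integer Then
                Dim id As Integer
                If Not Integer.TryParse(kv.Value, id) Then Throw New ArgumentException("ID must be a whole number")
                p.Value = id
            Else
                p.Value = kv.Value.Trim()
            End If
        Next
        If conditions.Count = 0 Then Throw New ArgumentException("Please input at least 1 field")
        ' Rows must match every filled-in field (AND); use " OR " instead for the any-field behaviour of the answer.
        cmd.CommandText = "SELECT * FROM Students WHERE " & String.Join(" AND ", conditions)
        Dim table As New DataTable()
        Using conn As New OleDbConnection(ConnStr)
            cmd.Connection = conn
            conn.Open()
            Using adapter As New OleDbDataAdapter(cmd)
                adapter.Fill(table)   ' in the form: DataGridView1.DataSource = SearchStudents(filters)
            End Using
        End Using
        Return table
    End Function
End Class
```

In the button handler, build the dictionary from the textboxes (for example {"ID", txtID.Text}, {"LastName", txtLastN.Text}, ...), call SearchStudents inside a Try block, and show the ArgumentException message with MsgBox in place of the "Please Input Atleast 1 Field" check.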
