Studentname:當用戶輸入Id或名稱並單擊按鈕時,詳細信息應該顯示....如何?在Select語句中結合「AND」或「OR」
這裏我或子句未在SELECT語句工作:
public partial class StudentView : System.Web.UI.Page
{
SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["DBCS"].ConnectionString);
protected void Button1_Click(object sender, EventArgs e)
{
string str = "SELECT Registration.UsrFLname, Registration.UsrAddress, Students.STUID, Materials.BookID, Materials.BookName, Courses.CourseName, Courses.CourseFee FROM Courses INNER JOIN Materials ON Courses.BookID = Materials.BookID INNER JOIN Students ON Courses.STUID = Students.STUID AND Materials.STUID = Students.STUID INNER JOIN Registration ON Students.STUID = Registration.STUID AND Registration.UsrFLname = '" + TextBox1.Text + "' OR Students.STUID = '" + TextBox1.Text + "'";
con.Open();
SqlCommand cmd = new SqlCommand(str, con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds, str);
GDStudents.DataSource = ds;
GDStudents.DataBind();
}
}
誰能請在這個問題上幫助!
預先感謝!!
定義「不工作」。此外,您在此代碼中有SQL注入安全漏洞。 – JohnFx
爲了上帝的愛,請使用參數化查詢! – Lloyd
另外,您是否在鍵盤上找到了Enter/Return鍵?你有沒有聽說過SQL注入? –