2011-08-15 38 views
0

这里是代码片段如何从文本框中执行SQL并显示在datagridview中?

string search = textBox1.Text; 
int s = Convert.ToInt32(search); 
string conn="Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\\Data.accdb"; 
string query="SELECT playerBatStyle FROM Player where playerID='" + s + "; 
OleDbDataAdapter dAdapter=new OleDbDataAdapter (query ,conn); 
OleDbCommandBuilder cBuilder=new OleDbCommandBuilder (dAdapter); 
DataTable dTable=new DataTable(); 
dAdapter .Fill (dTable); 
dataGridView1.DataSource = dTable; 
+0

你能告诉我们,如果有你得到一个特定的问题或错误消息?什么不工作? –

回答

0

您发布的代码看起来还好。一些更正虽然:

... 
    //fix lots of missing quotation marks 
    string query="SELECT playerBatStyle FROM Player where playerID='" + s + "' "; 
    ... 
    dataGridView1.DataBind(); //yes, we should call DataBind 
0

PlayerID看起来int型我,这意味着你不需要把单引号周围

string query = "SELECT playerBatStyle FROM Player where playerID=" + s + "; 

在最后你会做dataGridView1.DataBind();,如果你想在DataGridView中显示结果

在附注上总是建议用户parametrized query而不是查询中的协调值,这不是安全的

1

您在where子句中有未封闭的单引号。试试这个:

string query = String.Format("SELECT playerBatStyle FROM Player where playerID={0}", s); 
+0

哦是的,非常感谢詹姆斯(杰米) –

1

正如其他人所说,s是int类型,以便在查询不需要报价,你需要的数据绑定线。另外,如果你还不是,那么在尝试将其转换为整数之前,你需要检查文本框中是否存在一个实际存在的值。您不需要OleDbCommandBuilder,因为DataAdapter将内部命令作为SelectCommand属性进行处理。绝对考虑使用参数化查询,这将减少sql注入漏洞。

下面结合我的建议:

if (textBox1.Text != "") 
{ 
    string search = textBox1.Text; 
    int s = Convert.ToInt32(search); 
    string conn = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\Local Docs\\Temp\\Data.accdb"; 
    string query = "SELECT playerBatStyle FROM Player where [email protected]"; 
    OleDbDataAdapter dAdapter = new OleDbDataAdapter(query, conn); 
    dAdapter.SelectCommand.Parameters.AddWithValue("@playerID", s); 
    DataTable dTable = new DataTable(); 
    dAdapter.Fill(dTable); 
    dataGridView1.DataSource = dTable; 
    dataGridView1.DataBind(); 
} 
0

使用此查询来检索与用户搜索数据

"Select playerBatStyle from Player where Player like %'"+s+"'";

相关问题