0
SqlDataAdapter da =
new SqlDataAdapter("SELECT *
FROM Patient
Where Registration_Id = '" + textBox1.Text + "'
OR Patient_Name = '" + textBox1.Text + "'", cn);
如何在所有字段中搜索int或字符串?如何在所有字段中搜索int或字符串
编辑代码:
if (comboBox1.Text == "Registration_Id")
{
da = new SqlDataAdapter("SELECT *
FROM Patient
Where Registration_Id = '" + textBox1.Text + "'", cn);
}
else if (comboBox1.Text == "Patient_Name")
{
da = new SqlDataAdapter("SELECT *
FROM Patient
Where Patient_Name = '" + textBox1.Text + "'", cn);
}
不要这样写代码,它会受到SQL注入攻击。 – RedFilter 2012-04-04 17:40:11
if(comboBox1.Text ==“Registration_Id”) da = new SqlDataAdapter(“SELECT * FROM Patient Where Registration_Id ='”+ textBox1.Text +“'”,cn); } 否则如果(comboBox1.Text == “Patient_Name”) { DA =新的SqlDataAdapter( “SELECT * FROM患者在哪里Patient_Name = '” + textBox1.Text + “'”,CN); } – 2012-04-04 18:13:25