protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection myConnection = new SqlConnection("Data Source=DELL-PC\\SQLEXPRESS;Initial Catalog=eclass;Persist Security Info=True;integrated security = true");
myConnection.Open();
string key = txtsearchkey.Text.ToString();
SqlCommand q1 = new SqlCommand("select cat_id from category where cat_name='" + (ddsearchcat.SelectedItem.ToString() + "'"), myConnection);
string cat = q1.ExecuteScalar().ToString();
SqlCommand q2 = new SqlCommand("select subcat_id from subcategory where subcat_name= '" + (ddsearchsubcat.SelectedItem.ToString() + "'"), myConnection);
string subcat = q2.ExecuteScalar().ToString();
SqlCommand q3 = new SqlCommand("select adid from adType where adtype= '" + (ddsearchtype.SelectedItem.ToString()) + "'", myConnection);
string adtype = q3.ExecuteScalar().ToString();
String date = ddsearchdays.SelectedItem.ToString();
if (chkAdimg.Checked)
{
if (chkAdVideo.Checked)
{
SqlCommand query = new SqlCommand("select title,ad_description from postad where ad_description like " + txtsearchkey + " and category_id=" + cat + " and subcategory_id=" + subcat + " and ad_id=" + adtype + " and video is not null and img_id is not null and adType INNER JOIN adType AS adType_1 ON adType.adid = adType_1.adid CROSS JOIN category CROSS JOIN subcategory CROSS JOIN userdetails", myConnection);
DataSet ds = new DataSet();
SqlDataAdapter ad = new SqlDataAdapter(query);
ad.Fill(ds);
foreach (DataRow dr in ds.Tables[0].Rows)
{
Response.Write(dr[0].ToString());
}
}
}
}
这个查询是给了我一个问题,说sql查询问题
其中 条件,预计在指定的上下文非布尔型 的表达,接近内心...
我应该让我的查询什么变化
看起来你`的SqlCommand query`线可能是罪魁祸首。我的猜测是你上面的查询之一,你使用值来建立你的`SqlCommand查询`返回一个无效的值。你应该通过它来确保你获得了正确的值,并且可能应该在使用它们来构建另一个查询之前验证这些变量。 – Prescott 2011-04-15 16:13:59
**首先:**将** NOT **字符串连接到SQL查询中!你知道吗[SQL注入](http://xkcd.com/327/)?不要这样做 - 不是永远。请改用**参数化查询**! – 2011-04-15 20:02:23