我正在研究将查询个人电影数据库的程序。 计划中的皱纹是选择流派。例如,假设我有3个复选框动作,冒险和喜剧。 电影可以分为一种流派或多种流派。 电影可以是动作或动作/喜剧。基于复选框的查询
下面的代码片段是我开始的......但不包含所有的变化。 Fill_Grid函数填充一个dataGridView。它适用于电影是否具有一种流派,或者用户是否选择与电影在数据库中完全相同的流派。 需要做的事情是如果一部电影是一部动作喜剧剧本,它应该显示出来,如果用户只选择动作或只选择喜剧或动作和喜剧。
如果这没有意义,请提出问题。
由于提前, -J
string str_SQL = "SELECT Name, File, Action, Fantasy, Horror, Thriller, Adventure, Animation, Comedy, Crime, Documentary, Drama, Family, Games, Mystery, Romance, SciFi, War FROM tbl_Main WHERE Action = " + chk_Action.Checked +
" AND Fantasy = " + chk_Adv.Checked +
" AND Horror = " + chk_Hor.Checked +
" AND Thriller = " + chk_Thrill.Checked +
" AND Adventure = " + chk_Adv.Checked +
" AND Animation = " + chk_Anim.Checked +
" AND Comedy = " + chk_Com.Checked +
" AND Crime = " + chk_Crime.Checked +
" AND Documentary = " + chk_Doc.Checked +
" AND Drama = " + chk_Drama.Checked +
" AND Family = " + chk_Fam.Checked +
" AND Games = " + chk_Game.Checked +
" AND Mystery = " + chk_Mys.Checked +
" AND Romance = " + chk_Rom.Checked +
" AND SciFi = " + chk_Sci.Checked +
" AND War = " + chk_War.Checked + ";";
Fill_Grid(str_SQL);
你应该总是使用[_参数化queries_](http://www.codinghorror.com/blog/2005/04/give-me- parameterized-sql-or-give-me-death.html)这种代码对[_SQL Injection_](http://en.wikipedia.org/wiki/SQL_injection)攻击是开放的。 – 2013-03-22 13:26:58
@Tom - 因为如果您有动作喜剧,并且您检查动作和浪漫,它仍然会被退回。 – LittleBobbyTables 2013-03-22 13:32:06
我是第一个向新人指出SQL注入的危险,但在这种情况下,我不明白这是怎么发生的 – Steve 2013-03-22 13:32:46