1. 首页
  2. 问答
  3. 基于复选框的查询

基于复选框的查询

2013-03-22 122 views
0

我正在研究将查询个人电影数据库的程序。 计划中的皱纹是选择流派。例如,假设我有3个复选框动作,冒险和喜剧。 电影可以分为一种流派或多种流派。 电影可以是动作或动作/喜剧。基于复选框的查询

下面的代码片段是我开始的......但不包含所有的变化。 Fill_Grid函数填充一个dataGridView。它适用于电影是否具有一种流派,或者用户是否选择与电影在数据库中完全相同的流派。 需要做的事情是如果一部电影是一部动作喜剧剧本,它应该显示出来,如果用户只选择动作或只选择喜剧或动作和喜剧。

如果这没有意义,请提出问题。

由于提前, -J

 string str_SQL = "SELECT Name, File, Action, Fantasy, Horror, Thriller, Adventure, Animation, Comedy, Crime, Documentary, Drama, Family, Games, Mystery, Romance, SciFi, War FROM tbl_Main WHERE Action = " + chk_Action.Checked + 
      " AND Fantasy = " + chk_Adv.Checked + 
      " AND Horror = " + chk_Hor.Checked + 
      " AND Thriller = " + chk_Thrill.Checked + 
      " AND Adventure = " + chk_Adv.Checked + 
      " AND Animation = " + chk_Anim.Checked + 
      " AND Comedy = " + chk_Com.Checked + 
      " AND Crime = " + chk_Crime.Checked + 
      " AND Documentary = " + chk_Doc.Checked + 
      " AND Drama = " + chk_Drama.Checked + 
      " AND Family = " + chk_Fam.Checked + 
      " AND Games = " + chk_Game.Checked + 
      " AND Mystery = " + chk_Mys.Checked + 
      " AND Romance = " + chk_Rom.Checked + 
      " AND SciFi = " + chk_Sci.Checked + 
      " AND War = " + chk_War.Checked + ";"; 

      Fill_Grid(str_SQL);

来源

2013-03-22 JMJ

+3

你应该总是使用[_参数化queries_](http://www.codinghorror.com/blog/2005/04/give-me- parameterized-sql-or-give-me-death.html)这种代码对[_SQL Injection_](http://en.wikipedia.org/wiki/SQL_injection)攻击是开放的。 – 2013-03-22 13:26:58

+0

@Tom - 因为如果您有动作喜剧,并且您检查动作和浪漫,它仍然会被退回。 – LittleBobbyTables 2013-03-22 13:32:06

+2

我是第一个向新人指出SQL注入的危险,但在这种情况下,我不明白这是怎么发生的 – Steve 2013-03-22 13:32:46

回答

0

下面的代码片段工作。谢谢大家的意见,你让我朝着正确的方向前进

string str_Checkboxes=""; 
string str_SQL = "SELECT Name, File, Action, Fantasy, Horror, Thriller, Adventure, Animation, Comedy, Crime, Documentary, Drama, Family, Games, Mystery, Romance, SciFi, War FROM tbl_Main WHERE "; 

//Loop through each control on the form, we are looking for checkboxes 
foreach (Control c in this.Controls) 
{ 
    if(c is CheckBox) 
    { 
     if (((CheckBox)c).Checked) 
     { 
     //Bypass putting AND at the beginning of str_Checkboxes 
     if(str_Checkboxes != "") 
      str_Checkboxes+=" AND "; 
     //Checkbox text is the same as the field name in the database 
      str_Checkboxes += (((CheckBox)c).Text) + " = True"; 
     } 
    } 
    } 
//build the SQL 
str_SQL += str_Checkboxes + ";"; 
//Fill the grid 
Fill_Grid(str_SQL);

来源

2013-03-22 21:25:22 JMJ

2

看看该复选框首先检查。然后,将其添加到查询中。

if (chk_Adv.Checked == true) { 
    str_SQL = str_SQL+" AND Fantasy = 1" 
}

来源

2013-03-22 13:30:32

+0

该程序是独立的。 用OR替换所有AND不起作用。无论选择什么,它都会返回所有数据。不幸的是,我对参数化查询并不熟悉。 – JMJ 2013-03-22 13:37:31

0

试试这个,如果所有的列数据类型是SQL bit

string str_SQL = "SELECT Name, File, Action, Fantasy, Horror, Thriller, Adventure, Animation, Comedy, Crime, Documentary, Drama, Family, Games, Mystery, Romance, SciFi, War FROM tbl_Main WHERE Action = " + chk_Action.Checked + 
" AND Fantasy = " + chk_Adv.Checked?-1 :0 + 
" AND Horror = " + chk_Hor.Checked ? -1 : 0 + 
" AND Thriller = " + chk_Thrill.Checked ? -1 : 0 + 
" AND Adventure = " + chk_Adv.Checked ? -1 : 0 + 
" AND Animation = " + chk_Anim.Checked ? -1 : 0 + 
" AND Comedy = " + chk_Com.Checked ? -1 : 0 + 
" AND Crime = " + chk_Crime.Checked ? -1 : 0 + 
" AND Documentary = " + chk_Doc.Checked ? -1 : 0 + 
" AND Drama = " + chk_Drama.Checked ? -1 : 0 + 
" AND Family = " + chk_Fam.Checked ? -1 : 0 + 
" AND Games = " + chk_Game.Checked ? -1 : 0 + 
" AND Mystery = " + chk_Mys.Checked ? -1 : 0 + 
" AND Romance = " + chk_Rom.Checked ? -1 : 0 + 
" AND SciFi = " + chk_Sci.Checked ? -1 : 0 + 
" AND War = " + chk_War.Checked ? -1 : 0 + ";"; 

Fill_Grid(str_SQL);

更新 如果您使用在MS-接入和数据类型是Yes/No,那么真正= -1和假= 0,check here

来源

2013-03-22 13:54:47 Arshad

+0

这是在Access数据库中,所以类型是布尔值我猜,因为标志是Y/N或T/F。 上述代码无效。感谢您的输入Arshad – JMJ 2013-03-22 16:29:57

+0

在Access中,True是'-1' – Brad 2013-03-22 17:39:25

相关问题

 相关问题