使用@Gordon Linoff答案,我希望更多的编辑添加到您的代码。
您的代码不是“注射安全”(check SQL Injection here)。我也不明白在这里使用BETWEEN
...是HRUBKA
有多少字段? (整型,浮点,数字等)
如果HRUBKA
是一个数字它会像:
double sklad_od = 0, sklad_do = 0;
using (SqlDataAdapter dr = new SqlDataAdapter(" select * from tab_sklad "
"where SMENA LIKE '%" + String.IsNullOrEmpty(txt_smena_sklad_filter.Text) ? "'" : (txt_smena_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DATUM LIKE '%" + String.IsNullOrEmpty(txt_datum_sklad_filter.Text) ? "'" : (txt_datum_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DODAVATEL LIKE '%" + String.IsNullOrEmpty(cmb_firma_sklad_filter.Text) ? "'" : (cmb_firma_sklad_filter.Text.Replace("'", "''") + "%'") +
" and CISLO_PALETY LIKE '%" + String.IsNullOrEmpty(txt_paleta_sklad_filter.Text) ? "'" : (txt_paleta_sklad_filter.Text.Replace("'", "''") + "%'") +
" and HRUBKA LIKE '%" + String.IsNullOrEmpty(txt_hrubka_sklad_filter.Text) ? "'" : (txt_hrubka_sklad_filter.Text.Replace("'", "''") + "%'") +
" and KVALITA LIKE '%" + String.IsNullOrEmpty(cmb_kvalita_sklad_filter.Text) ? "'" : (cmb_kvalita_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DRUH LIKE '%" + String.IsNullOrEmpty(cmb_druh_sklad_filter.Text) ? "'" : (cmb_druh_sklad_filter.Text.Replace("'", "''") + "%'") +
(double.TryParse(txt_sklad_od.Text, out sklad_od) && double.TryParse(txt_sklad_do.Text, out sklad_do) ? (" and HRUBKA BETWEEN " + sklad_od + " AND " + sklad_do) : "") +
" ", cn))
否则:
using (SqlDataAdapter dr = new SqlDataAdapter(" select * from tab_sklad "
"where SMENA LIKE '%" + String.IsNullOrEmpty(txt_smena_sklad_filter.Text) ? "'" : (txt_smena_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DATUM LIKE '%" + String.IsNullOrEmpty(txt_datum_sklad_filter.Text) ? "'" : (txt_datum_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DODAVATEL LIKE '%" + String.IsNullOrEmpty(cmb_firma_sklad_filter.Text) ? "'" : (cmb_firma_sklad_filter.Text.Replace("'", "''") + "%'") +
" and CISLO_PALETY LIKE '%" + String.IsNullOrEmpty(txt_paleta_sklad_filter.Text) ? "'" : (txt_paleta_sklad_filter.Text.Replace("'", "''") + "%'") +
" and HRUBKA LIKE '%" + String.IsNullOrEmpty(txt_hrubka_sklad_filter.Text) ? "'" : (txt_hrubka_sklad_filter.Text.Replace("'", "''") + "%'") +
" and KVALITA LIKE '%" + String.IsNullOrEmpty(cmb_kvalita_sklad_filter.Text) ? "'" : (cmb_kvalita_sklad_filter.Text.Replace("'", "''") + "%'") +
" and DRUH LIKE '%" + String.IsNullOrEmpty(cmb_druh_sklad_filter.Text) ? "'" : (cmb_druh_sklad_filter.Text.Replace("'", "''") + "%'") +
" and HRUBKA LIKE '%" + String.IsNullOrEmpty(txt_sklad_do.Text) ? "'" : (txt_sklad_do.Text.Replace("'", "''") + "%'") +
" ", cn))
“不工作” 是没有问题的描述。它会抛出一个错误吗?什么是错误信息?它会返回意外的结果吗?你能指望什么?它实际上返回了什么?显示一些示例数据。 – HoneyBadger
MôjpríkazSQL je zle,chcem ciciakdátavúdajovámriežkatextboxs。请看我的照片。 –