About My project solution
Problem description:
Dear Friends,
private void textBox1_TextChanged(object sender, EventArgs e)
{
    SqlConnection conn = new SqlConnection();
    conn.ConnectionString = "Data Source=192.168.1.4;Initial Catalog=ParamBills;Persist Security Info=True;User ID=sa;Password=login";
    conn.Open();
    SqlCommand cmd = new SqlCommand("select Product_Name,Product_Code,Item_Name,Item_code,qty from Master_Stock_Register where Product_Name='" + textBox1.Text + "'", conn);
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    DataTable dt = new DataTable();
    da.Fill(dt);
    dataGridView1.DataSource = dt;
    // dataGridView1.DataBind();
    conn.Close();
}
This solution is: when I changed the text box value, the data grid values also changed.. but I need to add them one by one below in the grid.. please help me..
Answer
Execute your procedure in the Validated event handler, rather than in the TextChanged one; as you already have been told, recreating a DB connection and query every time a new character is entered in a TextBox is a design issue; it will make your application less responsive and annoying, from a user experience point of view.
You should also avoid constructing SQL queries by concatenating values obtained from users; this leaves your code open to SQL injection attacks.
For example, if anyone enters the following text in textBox1:
';DROP DATABASE ParamBills;--
then you're busted.
Regards.
You can do one thing.
Take one HiddenField and store the TextBox value in it inside the TextChanged event.
Something like below...
private void textBox1_TextChanged(object sender, EventArgs e)
{
    // Append each new value to the hidden field as a comma-separated list.
    if (String.IsNullOrEmpty(hdnField.Value))
    {
        hdnField.Value = textBox1.Text;
    }
    else
    {
        hdnField.Value = hdnField.Value + "," + textBox1.Text;
    }
    SqlConnection conn = new SqlConnection();
    conn.ConnectionString = "Data Source=192.168.1.4;Initial Catalog=ParamBills;Persist Security Info=True;User ID=sa;Password=login";
    conn.Open();
    SqlCommand cmd = new SqlCommand("select Product_Name,Product_Code,Item_Name,Item_code,qty from Master_Stock_Register where Product_Name IN (@TextBoxValue)", conn);
    // The accumulated string is bound as a single parameter value.
    cmd.Parameters.AddWithValue("@TextBoxValue", hdnField.Value);
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    DataTable dt = new DataTable();
    da.Fill(dt);
    dataGridView1.DataSource = dt;
    // dataGridView1.DataBind();
    conn.Close();
}
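An added example, not part of either post above: when several names are collected, a single parameter inside IN (...) is compared as one value, so this code creates one parameter per name and keeps the user text out of the SQL string. The class and helper names (StockQueryExample, BuildStockQuery), the sample names and the NVarChar(100) column size are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class StockQueryExample
{
    // Hypothetical helper (not from the posts): one SqlParameter per product name.
    public static SqlCommand BuildStockQuery(IList<string> productNames)
    {
        if (productNames == null || productNames.Count == 0)
            throw new ArgumentException("At least one product name is required.", "productNames");

        var cmd = new SqlCommand();
        var placeholders = new List<string>();
        for (int i = 0; i < productNames.Count; i++)
        {
            // Only the generated placeholder name (@p0, @p1, ...) enters the SQL text.
            string name = "@p" + i;
            placeholders.Add(name);
            // The user-supplied text travels separately as a typed value.
            // NVarChar(100) is an assumed column type and size.
            cmd.Parameters.Add(name, SqlDbType.NVarChar, 100).Value = productNames[i];
        }
        cmd.CommandText =
            "select Product_Name,Product_Code,Item_Name,Item_code,qty " +
            "from Master_Stock_Register where Product_Name in (" +
            string.Join(", ", placeholders) + ")";
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: two ordinary names plus the string from the answer above.
        var names = new List<string> { "Soap", "Shampoo", "';DROP DATABASE ParamBills;--" };
        using (SqlCommand cmd = BuildStockQuery(names))
        {
            // The command text contains placeholders only; the values are listed separately.
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} = [{1}]", p.ParameterName, p.Value);
        }
    }
}
```

To run the query, assign an open SqlConnection to cmd.Connection and pass the command to a SqlDataAdapter as in the posts above.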