您的位置: 首页  >  技术问答  >  自动将数据显示到文本框中

自动将数据显示到文本框中

分类: 技术问答 2022-07-17 16:27:48
问题描述:

先生,我正在使用窗体和c#,我想将id插入文本框,数据库中的其余数据应自动显示。

先生如何在不使用datagridview控件的情况下执行此操作。

请给我一些例子



我尝试了什么:



sir i am using window form and c#, i want to insert id into the textbox and rest of data from the database should be automatic display.
sir how to do it without using datagridview control.
please give me some examples

What I have tried:

public void selectdata()
       {

           string connection = ConfigurationManager.ConnectionStrings["EmployeeContext"].ConnectionString;
           using (SqlConnection con = new SqlConnection(connection))
           {
               con.Open();
               using (SqlCommand cmd = new SqlCommand("select ITEM_NAME from ITEMOLD$ where ITEM_CODE='" + txtitemcode.Text + "'", con))
               {
                   SqlDataReader dr = cmd.ExecuteReader();
                   while (dr.Read())
                   {
                       txtitemname.Text = Convert.ToString(dr["ITEM_NAME"]);
                       txtpartycode.Text = Convert.ToString(dr["PARTY_CODE"]);
                       txthsnno.Text = Convert.ToString(dr["HSNNO"]);


                       txtsalesprice.Text = Convert.ToString(dr["SALE_PRICE"]);
                       txttotal.Text = Convert.ToString(dr["DISC_AMT"]);
                       txtcgst.Text = Convert.ToString(dr["CGST"]);
                       txtigstdata.Text = Convert.ToString(dr["IGST"]);


                   }

               }
           }
       }

其中ITEM_CODE ='+ txtitemcode.Text +',con))
{
SqlDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
txtitemname.Text = Convert.ToString(dr [ITEM_NAME]);
txtpartycode.Text = Convert.ToString(dr [PARTY_CODE] );
txthsnno.Text = Convert.ToString(dr [HSNNO]);


txtsalesprice.Text = Convert.ToString(dr [SALE_PRICE]);
txttotal.Text = Convert.ToString(dr [DISC_AMT]);
txtcgst.Text = Convert.ToString(dr [CGST]);
txtigstdata.Text = Convert。 ToString(dr [IGST]);


}

}
}
}
where ITEM_CODE='" + txtitemcode.Text + "'", con)) { SqlDataReader dr = cmd.ExecuteReader(); while (dr.Read()) { txtitemname.Text = Convert.ToString(dr["ITEM_NAME"]); txtpartycode.Text = Convert.ToString(dr["PARTY_CODE"]); txthsnno.Text = Convert.ToString(dr["HSNNO"]); txtsalesprice.Text = Convert.ToString(dr["SALE_PRICE"]); txttotal.Text = Convert.ToString(dr["DISC_AMT"]); txtcgst.Text = Convert.ToString(dr["CGST"]); txtigstdata.Text = Convert.ToString(dr["IGST"]); } } } }


选择查询中缺少列名

Column names missing in the select query 
select ITEM_NAME ,PARTY_CODE ,HSNNO,SALE_PRICE,DISC_AMT,CGST,IGST from ITEMOLD




格式化sql查询字符串易受攻击 SQL Injection [ ^ ]攻击

总是使用参数化查询来防止SQL Server中的SQL注入攻击 [ ^ ]




Formatting the sql Query string is vulnerable to SQL Injection[^] attacks
always use Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]

using (SqlCommand cmd = new SqlCommand("select ITEM_NAME ,PARTY_CODE ,HSNNO,SALE_PRICE,DISC_AMT,CGST,IGST from ITEMOLD


相关推荐