A complete beginner asking the experts for help: the simplest VB SQL multi-condition query
The goal is to query by multiple conditions and then display the result in several textboxes.
I have got this far, but when I try the first model and click Confirm, nothing happens at all.
No error = = and no result······
Database:
Code:

    Imports System.Data.Sql
    Public Class Form1
        ' Connection, command and reader shared by the whole form
        Dim mycon As New System.Data.SqlClient.SqlConnection
        Dim mycmd As New System.Data.SqlClient.SqlCommand
        Dim myada As System.Data.SqlClient.SqlDataAdapter   ' declared but never used
        Dim myda As New DataSet                              ' declared but never used
        Dim myrea As System.Data.SqlClient.SqlDataReader
        Private Sub Label1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles brand.Click
        End Sub
        ' The connection is opened once when the form loads and is never closed
        Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
            mycon.ConnectionString = "Data Source=WIN-FL6893HHQA8;Initial Catalog=shoes;Integrated Security=True"
            mycon.Open()
        End Sub
        Private Sub Label4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label4.Click
        End Sub
        Private Sub bthcancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles bthcancel.Click
            MessageBox.Show("感谢您的使用!", "球鞋选择系统")
            Me.Close()
        End Sub
        Private Sub bthconfirm_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles bthconfirm.Click
            ' str1 collects the checked sites as "Checked Item n = value" lines, one per line
            Dim str1 As String = " "
            If chksite.CheckedItems.Count <> 0 Then
                Dim x As Integer
                For x = 0 To chksite.CheckedItems.Count - 1
                    str1 = str1 & "Checked Item " & (x + 1).ToString & " = " & chksite.CheckedItems(x).ToString & ControlChars.CrLf
                Next
            End If
            ' The SQL is built by concatenating the control text directly into the string;
            ' note the spaces inside the quotes, which become part of the compared values
            mycmd.CommandText = "select * from 鞋子 where sbrand=' " & cbbrand.Text & " ' and smaterial like' %" & cbmaterial.Text & " %' and sprice='" & cbprice.Text & "'and sconcept='" & cbconcept.Text & "'and ssite like'% " & str1 & "'"
            mycmd.Connection = mycon
            myrea = mycmd.ExecuteReader()
            ' Each row overwrites tbtype, so only the last row's column 1 is left on screen
            While (myrea.Read())
                tbtype.Text = myrea.GetString(1)
            End While
        End Sub
    End Class
Please advise!!!!!!! Begging here = =
------Solution--------------------
1. Don't keep a long-lived connection to the database open; close it as soon as you are done with it.
2. Don't build the SQL by string concatenation, otherwise a user can enter or 1=1 and bypass your query conditions. Use a parameterized query, or use LINQ:

    // Start from the whole table and add a filter only when the user supplied a value
    IQueryable<Shoe> query = dbContext.Shoes;
    if (!string.IsNullOrEmpty(sbrand))
        query = query.Where(shoe => shoe.Brand == sbrand);
------Solution--------------------
1. First check whether the query conditions are right: do they have values? Is the SQL string joined correctly? Are the spaces there where they should be?
2. Building the SQL query by string concatenation is unsafe and easily leads to SQL injection; it is best to use a parameterized query.
------Solution--------------------
The second condition probably has a problem; take a look:
smaterial like' %" & cbmaterial.Text & " %'
The second condition is a LIKE with two % in it, and there is a space before the first %. Should that space be there?
------Solution--------------------
Even if the SQL is correct, no matter how many rows your query returns, the only thing shown on the form at the end is the value of the second field of the last row.
While (myrea.Read())
tbtype.Text = myrea.GetString(1)
End While
In other words, if your query returns 10 rows, only one value is shown on the form; if it returns 1000 rows, still only one value is shown.
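The replies above make four separate points (close the connection when done, use parameters instead of concatenation, keep stray spaces out of the LIKE pattern, and handle more than one returned row). The following VB.NET rewrite of bthconfirm_Click is an added example that ties them together; it is not code from the original post or from any reply. It assumes the control names (cbbrand, cbmaterial, cbprice, cbconcept, chksite, tbtype, bthconfirm), the table 鞋子 and its columns sbrand, smaterial, sprice, sconcept, ssite from the original code, reads column 1 into tbtype exactly as the original did, and uses a placeholder connection string and a constructed message text.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient
Imports System.Windows.Forms

Public Class Form1
    ' Placeholder connection string; the original hard-coded one specific machine name.
    Private Const ConnString As String =
        "Data Source=(local);Initial Catalog=shoes;Integrated Security=True"

    ' SQL Server treats %, _ and [ inside the value as wildcards too; wrapping
    ' them in [] makes the user's text match literally.
    Private Shared Function EscapeLike(value As String) As String
        Return value.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]")
    End Function

    ' Adds "column = @column" only when the user filled the control in, so an
    ' empty combo box does not turn into sbrand = '' and match nothing.
    Private Shared Sub AddEquals(clauses As List(Of String), params As List(Of SqlParameter),
                                 column As String, value As String)
        If String.IsNullOrWhiteSpace(value) Then Return
        clauses.Add(column & " = @" & column)
        params.Add(New SqlParameter("@" & column, SqlDbType.NVarChar, 100) With {.Value = value.Trim()})
    End Sub

    ' Adds "column LIKE @column"; the % wildcards are built here, with no stray
    ' spaces, and the value travels as a parameter rather than inside the SQL text.
    Private Shared Sub AddContains(clauses As List(Of String), params As List(Of SqlParameter),
                                   column As String, value As String)
        If String.IsNullOrWhiteSpace(value) Then Return
        clauses.Add(column & " LIKE @" & column)
        params.Add(New SqlParameter("@" & column, SqlDbType.NVarChar, 100) With {
            .Value = "%" & EscapeLike(value.Trim()) & "%"})
    End Sub

    Private Sub bthconfirm_Click(sender As Object, e As EventArgs) Handles bthconfirm.Click
        Dim clauses As New List(Of String)
        Dim params As New List(Of SqlParameter)

        AddEquals(clauses, params, "sbrand", cbbrand.Text)
        AddContains(clauses, params, "smaterial", cbmaterial.Text)
        AddEquals(clauses, params, "sprice", cbprice.Text)
        AddEquals(clauses, params, "sconcept", cbconcept.Text)

        ' Each checked site becomes its own parameter: ssite IN (@ssite0, @ssite1, ...)
        If chksite.CheckedItems.Count > 0 Then
            Dim names As New List(Of String)
            For i As Integer = 0 To chksite.CheckedItems.Count - 1
                Dim name As String = "@ssite" & i
                names.Add(name)
                params.Add(New SqlParameter(name, SqlDbType.NVarChar, 100) With {
                    .Value = chksite.CheckedItems(i).ToString()})
            Next
            clauses.Add("ssite IN (" & String.Join(", ", names) & ")")
        End If

        ' No user input is ever concatenated into this string, only column names we chose.
        Dim sql As String = "SELECT * FROM 鞋子"
        If clauses.Count > 0 Then sql &= " WHERE " & String.Join(" AND ", clauses)

        ' Using blocks open the connection for this one query and close it afterwards,
        ' even if the query throws, instead of holding it open for the form's lifetime.
        Dim results As New DataTable()
        Using con As New SqlConnection(ConnString)
            Using cmd As New SqlCommand(sql, con)
                cmd.Parameters.AddRange(params.ToArray())
                con.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    results.Load(reader)
                End Using
            End Using
        End Using

        If results.Rows.Count = 0 Then
            MessageBox.Show("No shoes match these conditions.", "球鞋选择系统")
            Return
        End If

        ' Column 1 is what the original code read. Show the first row rather than
        ' silently overwriting the textbox once per row, and say how many matched.
        tbtype.Text = results.Rows(0)(1).ToString()
        If results.Rows.Count > 1 Then
            MessageBox.Show(results.Rows.Count & " shoes match; showing the first one.", "球鞋选择系统")
        End If
    End Sub
End Class
```

Loading the reader into a DataTable keeps every matching row available, so the remaining textboxes on the form can be filled from results.Rows(0) by column name once the column list is known, and a grid or "next" button can page through the other rows instead of losing them.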