带有 sql 和参数的 c# 过滤器函数
c# filter function with sql and parameters
我使用了两年前在 VB 中完成的代码,将几乎所有代码转换为在 c# 环境中工作,尽管我在最后一部分遇到了障碍,因为我'我不确定如何处理它。
前一个VB代码
If Not binGotOne Then
strSQL = Mid$(strSQL, 1, InStr(strSQL, "WHERE") - 1)
End If
当前 C# 代码
/* This section I belive is substrings though I'm not sure,
currently I can't get it to work as I'm not sure how to apporach it*/
if (!filter)
{
query = (query, 1,(query, "WHERE") - 1);
}
C# 部分是完整功能的最后一部分,如下所示,我似乎无法理解。
SqlConnection connection = new SqlConnection();
Security security = new Security();
try
{
connection.ConnectionString = connectionPath;
connection.Open();
Boolean filter = false;
string query = string.Format("SELECT * FROM Staff WHERE ");
if (txtstaffid.Text != null)
{
filter = true;
query = query + "Staff_StaffId = " + txtstaffid.Text + "'";
}
else if (cbotitle.Text != null)
{
filter = true;
query = query + "Staff_Title = '" + cbotitle.Text + "";
}
else if (cborole.Text != null)
{
filter = true;
query = query + "Staff_Role = '" + cborole.Text + "'";
}
else if (txtfname.Text != null)
{
filter = true;
query = query + "Staff_Firstname = '" + txtfname.Text + "'";
}
else if (txtsname.Text != null)
{
filter = true;
query = query + "Staff_Surname = '" + txtsname.Text + "'";
}
else if (txtpostcode.Text != null)
{
filter = true;
query = query + "Staff_Postcode = '" + txtpostcode.Text + "'";
}
else if (txtemail.Text != null)
{
filter = true;
query = query + "Staff_Email = '" + txtemail.Text + "'";
}
/* This section I belive is substrings though I'm not sure,
currently I can't get it to work as I'm not sure how to apporach it*/
if (!filter)
{
query = (query, 1, (query, "WHERE") - 1);
}
SqlCommand cmd = new SqlCommand(query, connection);
SqlDataAdapter dap = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
dap.Fill(ds);
BindingSource bs = new BindingSource();
bs.DataSource = ds.Tables[0];
dgv.DataSource = bs;
dap.Update(ds);
}
catch (SqlException sql)
{
MessageBox.Show(sql.Message);
}
finally
{
connection.Close();
connection.Dispose();
}
看起来那部分代码的工作是从 SQL 中删除“WHERE”(如果没有添加过滤器)。直译为 c# 将是..
sql = sql.Substring(0, sql.IndexOf("WHERE") - 1);
也许这样会更清楚一些
sql = sql.Replace(" WHERE", String.Empty);
此外,您的代码容易受到 SQL 注入 - 您应该使用参数。
我会使用 system.Linq 进行查询。
你可以这样做:
DataSet.Select(record => record.column == requiredvalue);
这将 return 一个 IQueryable,您可以在其上应用更多条件。
查询仅在您开始使用结果时执行。
例如:
var result = DataSet.Select(...);
List list = result.ToList();
查询的执行发生在 ToList() 上;
我使用了两年前在 VB 中完成的代码,将几乎所有代码转换为在 c# 环境中工作,尽管我在最后一部分遇到了障碍,因为我'我不确定如何处理它。
前一个VB代码
If Not binGotOne Then
strSQL = Mid$(strSQL, 1, InStr(strSQL, "WHERE") - 1)
End If
当前 C# 代码
/* This section I belive is substrings though I'm not sure,
currently I can't get it to work as I'm not sure how to apporach it*/
if (!filter)
{
query = (query, 1,(query, "WHERE") - 1);
}
C# 部分是完整功能的最后一部分,如下所示,我似乎无法理解。
SqlConnection connection = new SqlConnection();
Security security = new Security();
try
{
connection.ConnectionString = connectionPath;
connection.Open();
Boolean filter = false;
string query = string.Format("SELECT * FROM Staff WHERE ");
if (txtstaffid.Text != null)
{
filter = true;
query = query + "Staff_StaffId = " + txtstaffid.Text + "'";
}
else if (cbotitle.Text != null)
{
filter = true;
query = query + "Staff_Title = '" + cbotitle.Text + "";
}
else if (cborole.Text != null)
{
filter = true;
query = query + "Staff_Role = '" + cborole.Text + "'";
}
else if (txtfname.Text != null)
{
filter = true;
query = query + "Staff_Firstname = '" + txtfname.Text + "'";
}
else if (txtsname.Text != null)
{
filter = true;
query = query + "Staff_Surname = '" + txtsname.Text + "'";
}
else if (txtpostcode.Text != null)
{
filter = true;
query = query + "Staff_Postcode = '" + txtpostcode.Text + "'";
}
else if (txtemail.Text != null)
{
filter = true;
query = query + "Staff_Email = '" + txtemail.Text + "'";
}
/* This section I belive is substrings though I'm not sure,
currently I can't get it to work as I'm not sure how to apporach it*/
if (!filter)
{
query = (query, 1, (query, "WHERE") - 1);
}
SqlCommand cmd = new SqlCommand(query, connection);
SqlDataAdapter dap = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
dap.Fill(ds);
BindingSource bs = new BindingSource();
bs.DataSource = ds.Tables[0];
dgv.DataSource = bs;
dap.Update(ds);
}
catch (SqlException sql)
{
MessageBox.Show(sql.Message);
}
finally
{
connection.Close();
connection.Dispose();
}
看起来那部分代码的工作是从 SQL 中删除“WHERE”(如果没有添加过滤器)。直译为 c# 将是..
sql = sql.Substring(0, sql.IndexOf("WHERE") - 1);
也许这样会更清楚一些
sql = sql.Replace(" WHERE", String.Empty);
此外,您的代码容易受到 SQL 注入 - 您应该使用参数。
我会使用 system.Linq 进行查询。
你可以这样做:
DataSet.Select(record => record.column == requiredvalue);
这将 return 一个 IQueryable,您可以在其上应用更多条件。 查询仅在您开始使用结果时执行。
例如:
var result = DataSet.Select(...);
List list = result.ToList();
查询的执行发生在 ToList() 上;