Handling spaces in query using C#

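When I click the button, I run a query to search for the value I typed in the textbox. For example, if I type "case", it gives me all the words that are like "case". However, if I put a space between the items I'm looking for, such as "Case Manager", it doesn't return any results. When I run the query in SQL it works, of course, because the item is there. I'm just not sure what I need to do to handle spaces in the query. In my code, the Param variable is the textbox text I'm looking for.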

string Cmd = "";

protected void SearchButtonClick(object sender, EventArgs e)
{
    Str = itemdropdownlist.SelectedValue;
    Param = TextBox1.Text;
    switch (Str)
    {
        case "Section Item":
            Cmd = "SELECT DISTINCT SectionItemID, SectionItem FROM Core.SectionItem_Lkup WHERE SectionItem LIKE '%" + Param + "%'";
            break;
        case "SubSection":
            Cmd = "SELECT DISTINCT SubSectionID, " + Str + " FROM Core.FormSubSection_Lkup WHERE SubSection LIKE '%" + Param + "%'";
            break;
        case "FormSection":
            Cmd = "SELECT DISTINCT FormSectionID, " + Str + " FROM Core.FormSection_Lkup WHERE FormSection LIKE '%" + Param + "%'";
            break;
        case "Form Title":
            Cmd = "SELECT DISTINCT FormID, FormTitle FROM Core.Form_Lkup WHERE FormTitle LIKE '%" + Param + "%'";
            break;
        case "Cross Item":
            Cmd = "SELECT DISTINCT CrossItemID, CrossItem FROM Core.CrossItem_Lkup WHERE CrossItem LIKE '%" +
                      Param + "%'";
            break;
    }
    GetQuery(Cmd, Param); //Execute query
}

Param = TextBox1.Text.Replace(" ", "%");

This turns "some text" into "some%text"

You should use % very carefully

/* In the following query, by using `% %` you mean you are looking for exactly the same keyword */
"SELECT * FROM YourTable WHERE column LIKE '%" + Param + "%'";

Look at some examples

The following SQL statement selects all customers with a City starting with the letter "s":

SELECT * FROM Customers
WHERE City LIKE 's%';

The following SQL statement selects all customers with a City ending with the letter "s":

SELECT * FROM Customers
WHERE City LIKE '%s';

The following SQL statement selects all customers with a Country containing the pattern "land":

SELECT * FROM Customers
WHERE Country LIKE '%land%';

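Using the NOT keyword allows you to select records that do not match the pattern.

The following SQL statement selects all customers with a Country NOT containing the pattern "land":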

SELECT * FROM Customers
WHERE Country NOT LIKE '%land%';

Reference: w3School, TutorialPoint

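Er, I think you're asking the wrong question. You should never build SQL queries by concatenating user input. This leaves you vulnerable to SQL injection attacks.

Use parameterized queries instead: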

Cmd = "SELECT DISTINCT CrossItemID, CrossItem FROM Core.CrossItem_Lkup WHERE CrossItem LIKE @CrossItem";
command.Parameters.AddWithValue("@CrossItem", string.Format("%{0}%", Param));

More information here: http://www.dreamincode.net/forums/topic/268104-parameterizing-your-sql-queries-the-right-way-to-query-a-database/
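
An added example, not part of the original question or answers: the search from the question built as a parameterized LIKE query, with the dropdown value selecting a fixed query text and LIKE wildcards in the typed text escaped so they match literally. It assumes SQL Server and System.Data.SqlClient; the names LookupSearch, BuildSearchCommand, EscapeLike and @Pattern, and the sample inputs, are made up for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class LookupSearch   // hypothetical name, not from the question
{
    // One fixed SQL text per dropdown value (tables and columns from the question).
    // The dropdown value only selects an entry; it is never concatenated into SQL.
    static readonly Dictionary<string, string> Queries = new Dictionary<string, string>
    {
        ["Section Item"] = "SELECT DISTINCT SectionItemID, SectionItem FROM Core.SectionItem_Lkup WHERE SectionItem LIKE @Pattern ESCAPE '\\'",
        ["SubSection"] = "SELECT DISTINCT SubSectionID, SubSection FROM Core.FormSubSection_Lkup WHERE SubSection LIKE @Pattern ESCAPE '\\'",
        ["FormSection"] = "SELECT DISTINCT FormSectionID, FormSection FROM Core.FormSection_Lkup WHERE FormSection LIKE @Pattern ESCAPE '\\'",
        ["Form Title"] = "SELECT DISTINCT FormID, FormTitle FROM Core.Form_Lkup WHERE FormTitle LIKE @Pattern ESCAPE '\\'",
        ["Cross Item"] = "SELECT DISTINCT CrossItemID, CrossItem FROM Core.CrossItem_Lkup WHERE CrossItem LIKE @Pattern ESCAPE '\\'"
    };

    // Make \, %, _ and [ typed by the user match literally under ESCAPE '\'.
    static string EscapeLike(string text)
    {
        return text.Replace("\\", "\\\\").Replace("%", "\\%")
                   .Replace("_", "\\_").Replace("[", "\\[");
    }

    public static SqlCommand BuildSearchCommand(string field, string text)
    {
        string sql;
        if (!Queries.TryGetValue(field, out sql))
            throw new ArgumentException("Unknown search field: " + field);
        var command = new SqlCommand(sql);
        // The typed text travels as data, so spaces and quotes need no special handling.
        command.Parameters.Add("@Pattern", SqlDbType.NVarChar, 4000).Value =
            "%" + EscapeLike(text) + "%";
        return command;
    }

    static void Main()
    {
        // Constructed sample inputs: one with a space, one with a quote and wildcards.
        foreach (var text in new[] { "Case Manager", "O'Neil 100%_done" })
        using (var command = BuildSearchCommand("Cross Item", text))
        {
            Console.WriteLine(command.CommandText);
            Console.WriteLine("@Pattern = " + command.Parameters["@Pattern"].Value);
        }
    }
}
```

Before executing, the caller assigns an open SqlConnection to command.Connection; Main here only prints the command text and the bound pattern, so it runs without a database.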