Using a variable in a query

Time: 2022-02-03 17:02:42

I am trying to set up a query for my dataset in C# using a variable for the filter. For example I am trying to only display a specific account number and his balance, with a local variable being the account number used as a filter for that exact one. Am I going about this the wrong way?

I am by no stretch of the imagination a real programmer; I am in a bind and have skimmed along using a guide to programming in C# and the limited brain power I have (which is now running on empty) :)

I also would like to alter the database information using a button with an event handler to add specific amounts to a cell that was queried. Am I doomed for my lack of knowledge of hard coding, or can I actually pull this off?

Sincerely, noobish engineer trying to program... or Jev

4 solutions

#1


When you set up your dataset query you can do something like this:

SELECT Name FROM TableNames WHERE Name = @Variable

Have a look at this link for more info

It might be worth having a look into SQL injection attacks too; click here

#2


using System.Data.SqlClient;

// The value is passed as a parameter; the SQL text itself never contains user input.
SqlCommand cmd = new SqlCommand("select * from table1 where column1 = @value", connection);
cmd.Parameters.Add(new SqlParameter("@value", "yourvalue"));
SqlDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
    // code here: read the current row's columns, e.g. dr["column1"]
}

I hope this will be useful!

#3


Once upon a time, I've written a little article on why you should definitely use parameters in SQL statements. (I've written it in response to the fact that I saw way too many people using string concatenation to write their queries).

You can find it here: http://fgheysels.blogspot.com/2005/12/avoiding-sql-injection-and-date.html

#4


You could just use the variable to generate your SQL query dynamically, but beware of SQL injection: be really sure that your variable cannot contain SQL statements.

You could use a function that builds and returns your SQL query like this, with the filter variable as a parameter:

using System.Text;

// Builds the query text directly from the variable. This only stays free of
// injection because the parameter is an int, which cannot carry SQL text.
internal string BuildSQLQueryForAccount(int account)
{
    StringBuilder sb = new StringBuilder();
    sb.Append("SELECT * ");
    sb.Append("FROM Accounts ");
    sb.AppendFormat("WHERE AccountNumber = {0}", account);
    return sb.ToString();
}
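The parameterized approach from answers #2 and #4, applied to the scenario in the question (look up one account's balance, then add an amount to it from a button's event handler), as an added example that is not part of any answer above. The table and column names (Accounts, AccountNumber, Balance), the connection string, and the sample inputs are assumptions made for illustration; the same two calls belong in the button's Click handler, with the text coming from the form's text boxes instead of command-line arguments.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class AccountRepository
{
    // Returns the balance of one account, or null when the account does not exist.
    // The account number is sent as a typed parameter; the SQL text never changes,
    // so no user input can alter the statement.
    public static decimal? GetBalance(string connectionString, int accountNumber)
    {
        const string sql = "SELECT Balance FROM Accounts WHERE AccountNumber = @AccountNumber";

        using (var connection = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, connection))
        {
            cmd.Parameters.Add("@AccountNumber", SqlDbType.Int).Value = accountNumber;
            connection.Open();
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value ? (decimal?)null : (decimal)result;
        }
    }

    // Adds an amount to one account's balance in a single UPDATE, so two concurrent
    // deposits cannot overwrite each other. Returns the number of rows changed
    // (0 means no account with that number exists).
    public static int AddToBalance(string connectionString, int accountNumber, decimal amount)
    {
        const string sql =
            "UPDATE Accounts SET Balance = Balance + @Amount WHERE AccountNumber = @AccountNumber";

        using (var connection = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, connection))
        {
            var amountParam = cmd.Parameters.Add("@Amount", SqlDbType.Decimal);
            amountParam.Precision = 18;   // assumed to match a DECIMAL(18,2) Balance column
            amountParam.Scale = 2;
            amountParam.Value = amount;
            cmd.Parameters.Add("@AccountNumber", SqlDbType.Int).Value = accountNumber;
            connection.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}

public static class Program
{
    // Placeholder connection string (assumption); replace with your own.
    private const string ConnectionString =
        "Server=(local);Database=Bank;Integrated Security=true";

    // In a WinForms app this body is the button's Click handler, with accountText
    // and amountText taken from the form's text boxes.
    public static void Main(string[] args)
    {
        string accountText = args.Length > 0 ? args[0] : "1001";   // constructed sample input
        string amountText = args.Length > 1 ? args[1] : "25.00";   // constructed sample input

        // Validate before touching the database: bad input is rejected here, never sent as SQL.
        if (!int.TryParse(accountText, out int accountNumber) ||
            !decimal.TryParse(amountText, out decimal amount))
        {
            Console.WriteLine("Account number must be an integer and amount a decimal.");
            return;
        }

        int rows = AccountRepository.AddToBalance(ConnectionString, accountNumber, amount);
        if (rows == 0)
        {
            Console.WriteLine($"Account {accountNumber} not found.");
            return;
        }

        decimal? balance = AccountRepository.GetBalance(ConnectionString, accountNumber);
        Console.WriteLine($"Account {accountNumber} balance is now {balance:F2}");
    }
}
```

Typed parameters (SqlDbType.Int, SqlDbType.Decimal) do the job that answer #4's int-only argument does implicitly, but they keep working when the filter later becomes a string such as an account name, which is exactly the case where string concatenation opens the door to injection.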