SQL语句一直返回所有行,而不是少数
本文关键字:一直 语句 返回 SQL | 更新日期: 2023-09-27 18:16:37
我有asp.net网站,其中包含13个文本框,用户可以输入某些信息,通过数据库搜索。网格视图填充数据。此数据仅供查看。
我的问题是,每一行总是返回。如果用户只在一个字段中输入数据,则只返回包含该数据的行。相反,每一行返回无论什么,我似乎无法找出什么是错误的我的SQL语句。
完整代码如下:
SqlConnection mySqlConnection = new SqlConnection(strings.settings.connectionString);
SqlCommand mycommand = new SqlCommand("SELECT SOPID, CONTACT, SHIPTONAME, KNOWN_EMAIL, ADDR1, ADDR2, CITY, STATE, ZIPCODE, PHONE1, CUSTPO, CID, AID, SEATS FROM dbo.LOOKUP_TEST_TBL WHERE CONTACT = @CONTACT OR SHIPTONAME = @SHIPTONAME OR KNOWN_EMAIL = @KNOWN_EMAIL OR ADDR1 = @ADDR1 OR ADDR2 = @ADDR2 OR CITY = @CITY OR STATE = @STATE OR ZIPCODE = @ZIPCODE OR PHONE1 = @PHONE1 OR CUSTPO = @CUSTPO OR CID = @CID OR AID = @AID OR SEATS = @SEATS", mySqlConnection);
//AccessCommand.Parameters.AddWithValue("@ORDERID", SqlDbType.Char).Value = txtOrderID.Text.ToUpper();
mycommand.Parameters.AddWithValue("@CONTACT", SqlDbType.Char).Value = txtContact.Text.ToUpper();
mycommand.Parameters.AddWithValue("@SHIPTONAME", SqlDbType.Char).Value = txtShipToName.Text.ToUpper();
mycommand.Parameters.AddWithValue("@KNOWN_EMAIL", SqlDbType.Char).Value = txtEmail.Text.ToUpper();
mycommand.Parameters.AddWithValue("@ADDR1", SqlDbType.Char).Value = txtAddress1.Text.ToUpper();
mycommand.Parameters.AddWithValue("@ADDR2", SqlDbType.Char).Value = txtAddress2.Text.ToUpper();
mycommand.Parameters.AddWithValue("@CITY", SqlDbType.Char).Value = txtCity.Text.ToUpper();
mycommand.Parameters.AddWithValue("@STATE", SqlDbType.Char).Value = txtState.Text.ToUpper();
mycommand.Parameters.AddWithValue("@ZIPCODE", SqlDbType.Char).Value = txtZip.Text.ToUpper();
mycommand.Parameters.AddWithValue("@PHONE1", SqlDbType.Char).Value = txtPhone.Text.ToUpper();
mycommand.Parameters.AddWithValue("@CUSTPO", SqlDbType.Char).Value = txtCustomerPO.Text.ToUpper();
mycommand.Parameters.AddWithValue("@CID", SqlDbType.Char).Value = txtCustomerID.Text.ToUpper();
mycommand.Parameters.AddWithValue("@AID", SqlDbType.Char).Value = txtAddressID.Text.ToUpper();
mycommand.Parameters.AddWithValue("@SEATS", SqlDbType.Char).Value = txtSeats.Text.ToUpper();
mySqlConnection.Open();
SqlDataReader reader = mycommand.ExecuteReader();
if (reader.HasRows == false)
{
throw new Exception();
}
GridView1.DataSource = reader;
GridView1.DataBind();
}
任何提示或建议或指向正确方向的点将是太棒了!谢谢大家!
你的查询应该看起来像
SELECT *
FROM dbo.LOOKUP_TEST_TBL
WHERE (CONTACT = @CONTACT and CONTACT is not null) or
(SHIPTONAME = @SHIPTONAME and SHIPTONAME is not null).....
只排除可空记录
问题几乎肯定是查询——它将返回用户没有提供的任何字段中有空列的任何行。
我会尝试只使用用户指定的列来构造查询。
获取非空参数:
Dictionary<string, string> values = new Dictionary<string,string> {
{ "@CONTACT", txtContact.Text.ToUpper() },
{ "@ADDR1", txtAddress1.Text.ToUpper() },
// etc
};
var enteredParams = values.Where(kvp => !string.IsNullOrEmpty(kvp.Value));
string sql = string.Format("SELECT ... WHERE {0}",
string.Join(" OR ",
enteredParams.Select(kvp =>
kvp.Key.TrimStart(new char[] { '@' }) + " = " + kvp.Key
)
);
foreach (var kvp in enteredParams)
{
mycommand.Parameters.AddWithValue(kvp.Key, kvp.Value);
}
您将WHERE子句中的所有内容放在一起,因此即使其中一个内容匹配,也会包含在结果中。你是不是想把他们放在一起?