搜索按钮没有输出

本文关键字:输出 按钮 搜索 | 更新日期: 2023-09-27 18:25:07

我的网页上有一个搜索按钮,它应该从DB中返回主题名称,这些名称与输入的搜索词相似,但当我使用以下代码时,我没有得到任何结果。。。请帮我做…

这是我的C#代码

     protected void Button1_Click(object sender, ImageClickEventArgs e)
    {
        MySqlConnection connection = new MySqlConnection("server=localhost; database=e-learningsystem; uid=root; password=123;port=3307;");
        connection.Open();
        string srh = editbox_search.Type;
        try
        {
          MySqlCommand cmd = new MySqlCommand("SELECT * FROM subject WHERE Name= LIKE %'" + srh + "'%", connection);
            MySqlDataAdapter da = new MySqlDataAdapter(cmd);
            DataSet ds = new DataSet();
            da.Fill(ds);
            GridView1.DataSource = ds;
            GridView1.DataBind();
            connection.Close();
        }
        catch
        {
        }

asp.net代码:

    <input name="editbox_search" class="editbox_search" id="editbox_search" 
              maxlength="80" type="text" 
              style="background-color: #99CCFF; margin-top: 0px; height: 15px;" runat="server" 
              enableviewstate="True" title="Search Courses:" clientidmode="Inherit" 
              dir="ltr" visible="True"/>            
        <asp:Button ID="Button1" 
              runat="server" Height="26px" Text="Go" Width="32px" />
    <asp:GridView ID="GridView1" runat="server" ShowFooter="True"
         Caption="<h3 style='background-color:teal;color:white;'>Search Results...</h3>" 
        BackColor="LightGoldenrodYellow" BorderColor="Tan" 
        BorderWidth="1px" CellPadding="2" ForeColor="Black" GridLines="None">
    </asp:GridView>

搜索按钮没有输出

查询中存在错误,请按如下方式更正。

MySqlCommand cmd = new MySqlCommand("SELECT * FROM subject WHERE Name LIKE '%" + srh + "%'", connection);

首先,使用参数化命令来避免SQL注入。其次,我认为您要查找的值在输入的Text属性中,而不是Type属性。最后,单引号位于匹配字符之外,即'%searchvalue%'

protected void Button1_Click(object sender, ImageClickEventArgs e)
{
    MySqlConnection connection = new MySqlConnection("connection string removed");
    connection.Open();
    try
    {
        var cmd = new MySqlCommand("SELECT * FROM subject WHERE Name LIKE '%@input%'", connection);
        cmd.Parameters.Add("@input", editbox_search.Text);
        MySqlDataAdapter da = new MySqlDataAdapter(cmd);
        DataSet ds = new DataSet();
        da.Fill(ds);
        GridView1.DataSource = ds;
        GridView1.DataBind();
        connection.Close();
    }
    catch (Exception e)
    {
       // log the exception
    }

}

试试这个:

protected void Button1_Click(object sender, ImageClickEventArgs e)
{
    MySqlConnection connection = new MySqlConnection("connection string removed");
    connection.Open();
    try
    {
        var cmd = new MySqlCommand("SELECT * FROM subject WHERE Name LIKE '%'+@input+'%'", connection);
        cmd.CommandType = CommandType.Text;
        cmd.Parameters.AddWithValue("@input", editbox_search.Text);
        MySqlDataAdapter da = new MySqlDataAdapter(cmd);
        MySqlDataReader dr = cmd.ExecuteReader();
        da.Fill(dr);
        GridView1.DataSource = dr;
        GridView1.DataBind();
        connection.Close();
    }
    catch (Exception e)
    {
       // log the exception
    }
}

尝试此查询

SELECT * FROM subject WHERE Name LIKE %'" + srh + "'%