帮我检查一下错误

 请帮我看一下下面这段代码的like用法有误吗?谢谢           
            string strFilter;
            if (txbOne.Text.Trim().Length == 0)
            {
                if (txbTwo.Text.Trim().Length == 0)
                {
                    if (txbThree.Text.Trim().Length == 0)
                        strFilter = "";
                    else
                    {
                        strFilter = "where 班级编号 = ";
                        strFilter += "'+txbThree.Text.Trim()+'";
                    }
                }
                else
                {
                    strFilter = "where 年级 like '";
                    strFilter += txbTwo.Text.Trim() + "%'";
                    if (txbThree.Text.Trim().Length != 0)
                    {
                        strFilter += "and 班级名称 like '";
                        strFilter += txbThree.Text.Trim() + "%'";
                    }
                }
            }
            else
            {
                strFilter = "where 班级编号 like '";
                strFilter += txbOne.Text.Trim() + "%'";
                if (txbTwo.Text.Trim().Length != 0)
                {
                    strFilter += "and 年级 like '";
                    strFilter += txbTwo.Text.Trim() + "%'";
                    if (txbThree.Text.Trim().Length != 0)
                    {
                        strFilter += " and 班级名称 like '";
                        strFilter += txbThree.Text.Trim() + "%'";
                    }
                    else
                    {
                        if (txbThree.Text.Trim().Length != 0)
                        {
                            strFilter += "and 班级名称 like '";
                            strFilter += txbThree.Text.Trim() + "%'";
                        }
                    }
                }
            }

解决方案 »

  1.   

    应该不能这样用的吧,这里的like就相当于是一个字符串了,编译器不能够辨认出你想要的like意思
      

  2.   

    补充一点:vs2005工具,C#语言
      

  3.   

    是动态拼sql语句么?如是,注意在and前面加上空格,还有要加上N吧,比如strFilter += "and 班级名称 like '"; 写成strFilter += " and 班级名称 like N'"; 模糊查询的话,查询串前后都加%号与只在后面加是不同的
      

  4.   

    strFilter = "where 班级编号 = "; 
    strFilter += "'+txbThree.Text.Trim()+'"; 
    这句是有错误的,在运行时+txbThree.Text.Trim()+是作为字符串出现,没有获取到文本框里的值
    应该是
    strFilter = "where 班级编号 = "; 
    strFilter += "'"+txbThree.Text.Trim()+"'"; 
      

  5.   

    你说的是对的,但关键不是在这里,主要是like语句有问题,这怪我没把问题说清楚,你在看看下面这段,谢谢
      private void btnSearch_Click(object sender, EventArgs e)
            {             
                string strFilter;
                if (txbOne.Text.Trim().Length == 0)
                {
                    if (txbTwo.Text.Trim().Length == 0)
                    {
                        if (txbThree.Text.Trim().Length == 0)
                            strFilter = "";
                        else
                        {
                            strFilter = "where 班级编号 like '";
                            strFilter += txbThree.Text.Trim() + "%'";
                        }
                    }
                    else
                    {
                        strFilter = "where 年级 like '";
                        strFilter += txbTwo.Text.Trim() + "%'";
                        if (txbThree.Text.Trim().Length != 0)
                        {
                            strFilter += " and 班级名称 like '";
                            strFilter += txbThree.Text.Trim() + "%'";
                        }
                    }
                }
                else
                {
                    strFilter = "where 班级编号 like '";
                    strFilter += txbOne.Text.Trim() + "%'";
                    if (txbTwo.Text.Trim().Length != 0)
                    {
                        strFilter += " and 年级 like '";
                        strFilter += txbTwo.Text.Trim() + "%'";
                        if (txbThree.Text.Trim().Length != 0)
                        {
                            strFilter += " and 班级名称 like '";
                            strFilter += txbThree.Text.Trim() + "%'";
                        }
                        else
                        {
                            if (txbThree.Text.Trim().Length != 0)
                            {
                                strFilter += " and 班级名称 like '";
                                strFilter += txbThree.Text.Trim() + "%'";
                            }
                        }
                    }
                }
      

  6.   

    下面将like 全部换成了=,上面一个提示like有误,这个提示=附近有误
      private void btnSearch_Click(object sender, EventArgs e)
            {             
                string strFilter;
                if (txbOne.Text.Trim().Length == 0)
                {
                    if (txbTwo.Text.Trim().Length == 0)
                    {
                        if (txbThree.Text.Trim().Length == 0)
                            strFilter = "";
                        else
                        {
                            strFilter = "where 班级编号 = ";
                            strFilter += "'" + txbThree.Text.Trim() + "'"; 
                        }
                    }
                    else
                    {
                        strFilter = "where 年级 =";
                        strFilter += "'" + txbTwo.Text.Trim() + "'"; 
                        if (txbThree.Text.Trim().Length != 0)
                        {
                            strFilter += " and 班级名称 =";
                            strFilter += "'" + txbThree.Text.Trim() + "'"; 
                        }
                    }
                }
                else
                {
                    strFilter = "where 班级编号 =";
                    strFilter += "'" + txbOne.Text.Trim() + "'"; 
                    if (txbTwo.Text.Trim().Length != 0)
                    {
                        strFilter += " and 年级 =";
                        strFilter += "'" + txbTwo.Text.Trim() + "'"; 
                        if (txbThree.Text.Trim().Length != 0)
                        {
                            strFilter += " and 班级名称 =";
                            strFilter += "'" + txbThree.Text.Trim() + "'"; 
                        }
                        else
                        {
                            if (txbThree.Text.Trim().Length != 0)
                            {
                                strFilter += " and 班级名称 =";
                                strFilter += "'" + txbThree.Text.Trim() + "'"; 
                            }
                        }
                    }
                }
      

  7.   

    1.首先是SQL注入漏洞请把各个文本框里的“'”替换成“''”
    2.没必要这么麻烦
    string strFilter= "WHERE 1=1 ";
    if (txbOne.Text.Trim().Length != 0) 
    {
       strFilter += " AND 班级编号 ='" + txbOne.Text.Replace("'","''").Trim() + "'"; 
    }
    if (txbTwo.Text.Trim().Length != 0) 

       strFilter += " and 年级 LIKE '" + txbTwo.Text.Replace("'","''").Trim() + "%'"; 
    }
    if (txbThree.Text.Trim().Length != 0) 

      strFilter += " and 班级名称 like '" + txbThree.Text.Replace("'","''").Trim() + "%'";