public List<Notice> GetAllLike(string title)
{
//string sql = "select * from notice where notice.NoticeTitle like '%" + title + "% 'order by notice.PostDate desc "; string sql = "select * from notice where notice.NoticeTitle like '%@NoticeTitle%' order by notice.PostDate desc ";
conn.Open();
SqlCommand comm = new SqlCommand(sql, conn);
SqlParameter par = new SqlParameter("@NoticeTitle", title);
comm.Parameters.Add(par);
SqlDataReader reader = comm.ExecuteReader();
List<Notice> list = new List<Notice>();
try
{
while (reader.Read())
{
Notice notice = new Notice();
notice.Id = Convert.ToInt32(reader["Id"]);
notice.NoticeTitle = reader["NoticeTitle"].ToString();
notice.NoticeContent = reader["NoticeContent"].ToString();
notice.PostName = reader["PostName"].ToString();
notice.PostTime = Convert.ToDateTime(reader["PostDate"]);
notice.NoticeDepartment = reader["NoticeDepartment"].ToString();
list.Add(notice);
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
finally
{
reader.Close();
conn.Close(); }
return list; }
{
//string sql = "select * from notice where notice.NoticeTitle like '%" + title + "% 'order by notice.PostDate desc "; string sql = "select * from notice where notice.NoticeTitle like '%@NoticeTitle%' order by notice.PostDate desc ";
conn.Open();
SqlCommand comm = new SqlCommand(sql, conn);
SqlParameter par = new SqlParameter("@NoticeTitle", title);
comm.Parameters.Add(par);
SqlDataReader reader = comm.ExecuteReader();
List<Notice> list = new List<Notice>();
try
{
while (reader.Read())
{
Notice notice = new Notice();
notice.Id = Convert.ToInt32(reader["Id"]);
notice.NoticeTitle = reader["NoticeTitle"].ToString();
notice.NoticeContent = reader["NoticeContent"].ToString();
notice.PostName = reader["PostName"].ToString();
notice.PostTime = Convert.ToDateTime(reader["PostDate"]);
notice.NoticeDepartment = reader["NoticeDepartment"].ToString();
list.Add(notice);
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
finally
{
reader.Close();
conn.Close(); }
return list; }
解决方案 »
- 写过上传文件功能的请进
- 从Excel文件中查询数据并分组显示
- 百思不得其解,解决者马上给分
- DataGrid中如何隐藏左边的空列?!
- winform中:所试图打开的数据库被本机用户(Admin)以独占的方式打开"的错误! 有人遇到过吗?
- vs2008为什么每次修改程序,都重新生成解决方案
- 用dataadapter和dataset更新数据库,有几种方法?各自的代码??想了解过程中dataset中内容的变化情况?
- 哪里有关于计算机书评的网站,我要买计算机书
- 关于自定义控件的属性问题(C#)
- C# dataGridView 读取Excel 表格内容 报错:对象不能从DBNUll转换为其他类型
- polyline即绘即显效率问题求助
- 昨天看完淘宝架构转变文章c#有淘宝HSF中间件功能的开源项目吗
+ "% 'order by notice.PostDate desc ";
{
//string sql = "select * from notice where notice.PostDate like '%" + title + "%' order by notice.PostDate desc ";
string sql = String .Format ("select * from notice where notice.NoticeTitle like '{0}'order by notice.PostDate desc", title);
conn.Open();
DataSet ds = new DataSet();
SqlDataAdapter da = new SqlDataAdapter(sql, conn);
da.Fill(ds, "notice");
conn.Close();
return ds;
}
这样写对吗? 不过还是空值 我都愁死了
string sql = String .Format ("select * from notice where notice.NoticeTitle like '{0}'order by notice.PostDate desc", ‘%"+title+”%’);
???这样吗 string sql = String .Format ("select * from notice where notice.NoticeTitle like order ‘%"+title+”%’ by notice.PostDate desc);
sp[0] = new SqlParameter("?aaa", SqlDbType.VarChar, 200); sp[0].Value ="%" +"1"+"%";
DataTable dt = SqlHelper.ExecuteDataTable(connection, CommandType.Text, "SELECT * FROM T WHERE TID LIKE ?aaa", sp);
给你推荐一个写法
我这个是mysql的你MS SQL的也差不多只是?换成@
那也不是完全之策,所以我推荐我上面的写法。
举个例子
你的{0} 是--
你的SQL语句就是select * from notice where notice.NoticeTitle like -- order by notice.PostDate desc
order by就会被注释掉,而like后语法就错误了,程序会立刻报错。