// Looks up InternalID values in EmployeeList for rows whose Name contains `name`
// and returns them in a DataTable, one row per match.
//
// SECURITY: `name` is formatted directly into the SQL text below, so a value that
// contains a quote changes the structure of the statement (SQL injection).
// Bind the value as a query parameter instead of building it into CommandText.
public DataTable findInternalID(string name)
{
RecordConnection.Open();
DataTable output = new DataTable();
// `as` yields null when CreateCommand() returns another command type; that is not checked here.
OleDbCommand bdCommand = RecordConnection.CreateCommand() as OleDbCommand;
StringBuilder x = new StringBuilder();
// SELECT InternalID FROM EmployeeList WHERE Name LIKE '%(name)%'
x.AppendLine("SELECT InternalID ");
x.AppendLine("FROM EmployeeList ");
// LIKE with % on both sides is a substring match, so more than one row can match.
x.AppendLine($"WHERE Name LIKE '%{name}%'");
bdCommand.CommandText = x.ToString();
_dataAdapter = new OleDbDataAdapter(bdCommand);
_dataAdapter.Fill(output);
// Not reached when Fill throws; the connection then stays open.
RecordConnection.Close();
return output;
}
这段代码在员工只有一条记录时工作正常;但对于有多条记录的员工,由于下面这一行,它会把所有匹配的 InternalID 记录都填充到 output 中:
// Substring match; `name` is also formatted straight into the SQL text (injection-prone).
x.AppendLine($"WHERE Name LIKE '%{name}%'");
因此,我尝试把 LIKE 关键字改为“=”:
// With '=' the % characters are no longer wildcards: Name is compared with the literal text %name%,
// so this presumably matches no row.
x.AppendLine($"WHERE Name = '%{name}%'");
但这给了我一个错误。应该如何修改代码,才能在输入“John Smith”时只输出“52455”,而在输入“John smith”时只输出“49”?
在主函数下,我编写了一个代码来测试此功能:
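// Manual check of findInternalID: shows the first InternalID returned for the given name.
string name = "John Smith"; // or John smith
DataTable output = _accessManager.findInternalID(name);
// The table returned above is `output`; the original snippet indexed an undeclared `result`.
// Rows[0][0] is the first match (a second match, if any, is Rows[1][0]).
// Indexing an empty result throws, so check the row count first.
String message = output.Rows.Count > 0 ? output.Rows[0][0].ToString() : "(no match)";
MessageBox.Show(message);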
BTW,我使用MS Access:)
================= 问题已解决! =================== 非常感谢大家的帮助。我参考了每个人的建议,下面是我的最终代码。我使用了 StrComp():
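// Returns the InternalID values from EmployeeList whose Name matches `name`
// exactly, letter case included. The table may hold zero, one or several rows.
//
// The caller-supplied name is bound as a query parameter and never formatted
// into the SQL text, so its content cannot alter the statement.
public DataTable findInternalID(string name)
{
    DataTable output = new DataTable();
    RecordConnection.Open();
    try
    {
        // Direct cast: a command of another provider type fails here with
        // InvalidCastException rather than as a null reference further down.
        OleDbCommand bdCommand = (OleDbCommand)RecordConnection.CreateCommand();
        StringBuilder x = new StringBuilder();
        x.AppendLine("SELECT InternalID ");
        x.AppendLine("FROM EmployeeList ");
        // StrComp(..., 0) asks for a binary comparison and yields 0 on equality,
        // which is what makes the match case-sensitive.
        x.AppendLine("WHERE StrComp(Name, @name, 0) = 0;");
        bdCommand.CommandText = x.ToString();
        // OLE DB binds parameters by position; the name passed here is only a label.
        // A null name is sent as an empty string, as the original interpolation did.
        bdCommand.Parameters.AddWithValue("name", name ?? string.Empty);
        _dataAdapter = new OleDbDataAdapter(bdCommand);
        _dataAdapter.Fill(output);
    }
    finally
    {
        // Close even when the query throws, so the next call can Open() again.
        RecordConnection.Close();
    }
    return output;
}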
(补充)刚注意到您用的是 MS Access;下面关于 COLLATE 和 varbinary(MAX) 的几点说明针对 SQL Server,留作将来参考。
首先,绝不要通过把用户输入拼接进查询字符串来构建 SQL 查询,这样做会使程序容易受到 SQL 注入攻击。应当改用查询参数,把用户提供的数据传给查询。把您原来的函数改写为使用参数后,大致如下:
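// Returns the InternalID values from EmployeeList whose Name contains `name`.
// The table may hold zero, one or several rows.
//
// The caller-supplied name travels as a query parameter, so quotes inside it
// cannot change the statement. LIKE wildcard characters inside `name` are still
// interpreted as wildcards; that widens the match but not the query structure.
public DataTable findInternalID(string name)
{
    var output = new DataTable();
    RecordConnection.Open();
    try
    {
        // Direct cast: a command of another provider type fails here with
        // InvalidCastException rather than as a null reference further down.
        var bdCommand = (OleDbCommand)RecordConnection.CreateCommand();
        var x = new StringBuilder();
        // SELECT InternalID FROM EmployeeList WHERE Name LIKE '%(name)%'
        x.AppendLine("SELECT InternalID ");
        x.AppendLine("FROM EmployeeList ");
        x.AppendLine("WHERE Name LIKE @name");
        bdCommand.CommandText = x.ToString();
        // The % wildcards belong to the parameter value, not to the SQL text.
        // OLE DB binds parameters by position; the name passed here is only a label.
        bdCommand.Parameters.AddWithValue("name", $"%{name}%");
        _dataAdapter = new OleDbDataAdapter(bdCommand);
        _dataAdapter.Fill(output);
    }
    finally
    {
        // Close even when the query throws, so the next call can Open() again.
        RecordConnection.Close();
    }
    return output;
}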
至于区分大小写的查询,我不能说自己实际做过。假设您的数据库是 SQL Server,可以使用 COLLATE;或者,也可以比较字节?
// SQL Server syntax: the CS in the collation name selects a case-sensitive comparison.
// @name is a parameter placeholder and still has to be bound through Parameters.
x.AppendLine("SELECT InternalID ");
x.AppendLine("FROM EmployeeList ");
x.AppendLine("WHERE Name = @name COLLATE Latin1_General_CP1_CS_AS");
(转换为 varbinary(MAX) 来比较字节的写法见下。)如果要把语句分成多行书写,则可以使用逐字字符串(verbatim string)。
x.AppendLine("SELECT InternalID ");
x.AppendLine("FROM EmployeeList ");
// SQL Server syntax: both sides are cast to varbinary(MAX), so the comparison is made on the bytes.
x.AppendLine("WHERE CAST(Name as varbinary(MAX)) = CAST(@name AS varbinary(MAX))");
StringBuilder
string
在 SQL Server 中,如果只需要区分大小写的搜索,可以试试这个:
@
// Verbatim string literal: the line breaks below are part of the SQL text.
// @name inside the SQL is a parameter placeholder; the value still has to be bound through Parameters.
// COLLATE with a CS collation is SQL Server syntax for a case-sensitive comparison.
string commandText = @"SELECT InternalId
FROM EmployeeList
WHERE Name = @name COLLATE Latin1_General_CP1_CS_AS";