最近做一个页面遇到从一个text框中一次获取多值参数的问题(如:一次可输入多个学生ID),点击查看后以表格形式返回查询结果!其中查询语句关联了两张表(),
Select *From dbo.stu Inner Join dbo.stuScore on stu.Id=stuScore.Id Where stu.Id IN (@Id)) Order by stuScore.Score
我在公共类里这样建立方法:
private static readonly string sqlcommandstr = @"Select *From dbo.stu Inner Join dbo.stuScore on stu.Id=stuScore.Id Where stu.Id IN (@Id)) Order by stuScore.Score"; public static DataTable GetDateTable(string Id)
{
using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["myConnectionString"].ToString()))
{
using (SqlCommand command = new SqlCommand(sqlcommandstr, connection))
{
command.Parameters.AddWithValue("@Id",Id); connection.Open(); SqlDataAdapter sda = new SqlDataAdapter(sqlcommandstr, connection); DataTable dt = new DataTable(); sda.Fill(dt); return dt; connection.Close();
}
} }
该页面中的相关代码我是这样写的:private string stuIdsParameter
{
get
{
string stuIds = String.Empty; int output, stuCount = 0; StringReader reader = new StringReader(stuIdTextBox.Text); string line = reader.ReadLine(); string nextline = reader.ReadLine(); while (nextline != null)
{
if (Int32.TryParse(nextline, out output))
{
if (Int32.TryParse(line, out output))
{
stuIds += String.Format("{0},", line); srCount++;
}
line = nextline;
}
nextline = reader.ReadLine();
}
if (Int32.TryParse(line, out output))
{
stuIds += line; srCount++;
}
return stuIds;
}
}
protected void viewButton_Click(object sender, ClickEventArgs e)
{
string StuId = this.stuIdsParameter; DataTable dt = DataAccess.GetDateTable(StuId); CasesGridView.DataSource = dt; CasesGridView.DataBind();
}
执行结果显示参数声明有错,有哪位高手帮忙看看!小弟不胜感激!
Select *From dbo.stu Inner Join dbo.stuScore on stu.Id=stuScore.Id Where stu.Id IN (@Id)) Order by stuScore.Score
我在公共类里这样建立方法:
private static readonly string sqlcommandstr = @"Select *From dbo.stu Inner Join dbo.stuScore on stu.Id=stuScore.Id Where stu.Id IN (@Id)) Order by stuScore.Score"; public static DataTable GetDateTable(string Id)
{
using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["myConnectionString"].ToString()))
{
using (SqlCommand command = new SqlCommand(sqlcommandstr, connection))
{
command.Parameters.AddWithValue("@Id",Id); connection.Open(); SqlDataAdapter sda = new SqlDataAdapter(sqlcommandstr, connection); DataTable dt = new DataTable(); sda.Fill(dt); return dt; connection.Close();
}
} }
该页面中的相关代码我是这样写的:private string stuIdsParameter
{
get
{
string stuIds = String.Empty; int output, stuCount = 0; StringReader reader = new StringReader(stuIdTextBox.Text); string line = reader.ReadLine(); string nextline = reader.ReadLine(); while (nextline != null)
{
if (Int32.TryParse(nextline, out output))
{
if (Int32.TryParse(line, out output))
{
stuIds += String.Format("{0},", line); srCount++;
}
line = nextline;
}
nextline = reader.ReadLine();
}
if (Int32.TryParse(line, out output))
{
stuIds += line; srCount++;
}
return stuIds;
}
}
protected void viewButton_Click(object sender, ClickEventArgs e)
{
string StuId = this.stuIdsParameter; DataTable dt = DataAccess.GetDateTable(StuId); CasesGridView.DataSource = dt; CasesGridView.DataBind();
}
执行结果显示参数声明有错,有哪位高手帮忙看看!小弟不胜感激!
都是ID int 类型的话 在组合的时候判断一下就可以了 照样防注入