【100分】疑难问题,请高手围观、解答!!!!!!
在asp.net后台拼SQL语句,发现一个很妖的问题,代码如下:
if (!string.isNullOrEmpty(txtClient.Text.Trim())){ str += " and name like @client "; parameters.Add(new SqlParameter("@client", "%" + txtClient.Text.Trim() + "%"));}
/// <summary> /// 根据日期,资源名称,资源描述查询资源信息 /// </summary> /// <returns></returns> public DataSet FN_SerchByDateAndType(Guid FolderId, NRModel.File model, string createdate, string endate) { string strSql = "select * from t_File where 1 =1 and FolderId=@FolderId"; string strWhere = ""; if (!string.IsNullOrEmpty(model.FileNam)) { strWhere += " and FileNam like @FileNam"; } //if (!string.IsNullOrEmpty(model.Decription)k) //{ // strWhere += " and Decription like @Decription"; //} if (!string.IsNullOrEmpty(createdate) || !string.IsNullOrEmpty(endate)) { strWhere += " and CreateOn between @createdate and @endate order by ModefyOn desc"; } strSql += strWhere; SqlParameter[] parameters = { new SqlParameter("@FolderId", SqlDbType.UniqueIdentifier), new SqlParameter("@FileNam", SqlDbType.NVarChar, 256), new SqlParameter("@createdate", SqlDbType.NVarChar), new SqlParameter("@endate", SqlDbType.NVarChar) }; parameters[0].Value = FolderId; parameters[1].Value = "%" + model.FileNam + "%"; //parameters[1].Value = "%" + model.Decription + "%"; parameters[2].Value = createdate; parameters[3].Value = endate; return DbHelperSQL.Query(strSql, parameters); //SqlParameter[] parameters = new SqlParameter[4]; //parameters[0] = new SqlParameter("@FileNam", model.FileNam); //parameters[1] = new SqlParameter("@stardate", createdate); //parameters[2] = new SqlParameter("@enddate", endate); ////执行存储过程 //return DbHelperSQL.RunProcedure("P_UserSerch", parameters, "t_File"); }
[解决办法]
因为现在已经是字符串形式了,就没必要加''了
"%" + txtClient.Text.Trim() + "%"
"%查询条件%" 最终得到的使这个。你如果加上
"'%查询条件%'"
这样就不对了!
[解决办法]
拼接的需要,像这样参数的就不需要了
----------------------------------签----------名----------栏----------------------------------
[解决办法]