return all row after call stored procedure in entity framework
Question
The following stored procedure has been created in the database, stored procedure works correctly in database:
create procedure [dbo].[search_pazhoheshgar]
@se_code_melli varchar(10) = NULL,
@se_name nvarchar(30) = NULL,
@se_family nvarchar(30) = NULL,
@se_name_uni nvarchar(100) = NULL,
@se_name_reshte_tahsili nvarchar(50) = NULL
AS
begin try
begin tran
SET NOCOUNT ON;
select sabt.code_melli, sabt.name, sabt.family, sabt_como_univercity.name_uni,
sabt_como_reshte.name_reshte_tahsili
from sabt
inner join sabt_como_univercity ON sabt.univercity = sabt_como_univercity.id_uni
inner join sabt_como_reshte ON sabt.name_reshte = sabt_como_reshte.id_reshte_tahsili
where
sabt.code_melli like '%' + @se_code_melli + '%' or
sabt.name like '%' + @se_name + '%' or
sabt.family like '%' + @se_family + '%' or
sabt_como_univercity.name_uni like '%' + @se_name_uni + '%' or
sabt_como_reshte.name_reshte_tahsili like '%' + @se_name_reshte_tahsili + '%'
commit tran
end try
begin catch
rollback tran
return -1
end catch
With the commands below, I want to run stored procedure from C# program :
SqlParameter[] sqlParams;
string sqlQuery;
sqlQuery = "search_pazhoheshgar @se_code_melli, @se_name, @se_family, @se_name_uni, @se_name_reshte_tahsili";
sqlParams = new SqlParameter[]
{
new SqlParameter { ParameterName = "@se_code_melli", Value = (object)textBox23.Text ?? DBNull.Value},
new SqlParameter { ParameterName = "@se_name", Value = (object)textBox22.Text ?? DBNull.Value},
new SqlParameter { ParameterName = "@se_family", Value = (object)textBox21.Text ?? DBNull.Value},
new SqlParameter { ParameterName = "@se_name_uni", Value = (object)comboBox11.Text ?? DBNull.Value},
new SqlParameter { ParameterName = "@se_name_reshte_tahsili", Value = (object)comboBox12.Text ?? DBNull.Value}
};
using (SamenEntities dbContext = new SamenEntities())
{
dataGridView1.DataSource = dbContext.Database.SqlQuery<search_pazhoheshgar_Result>(sqlQuery, sqlParams).ToList();
}
But after running all the existing rows are displayed from the database. Also, I used the following Way to run stored procedure. But again, all rows are displayed:
using (SamenEntities dbContext = new SamenEntities())
{
dataGridView1.DataSource = dbContext.search_pazhoheshgar(textBox23.Text, textBox22.Text, textBox21.Text, comboBox11.Text, comboBox12.Text);
}
How can I fix the searcher problem?
1 answers
solution1
2 ACCPTED 2018-09-04 12:12:47
Your query combines a check on the search criteria with an OR condition. That means, when only one of entries an empty string, you will get the entire result set (except when the respective column is NULL ).
Your expression Value = (object)textBox23.Text ?? DBNull.Value Value = (object)textBox23.Text ?? DBNull.Value will never yield DBNull , because TextBox.Text will have the value "" instead of null . So you will pass an empty string to your stored procedure, which will cause...
abt.code_melli LIKE '%' + @se_code_melli + '%'
...to evaluate to...
abt.code_melli LIKE '%%'
Which will yield the entire result set (except where the column contains a NULL value), no matter what is in your other parameters (because they are combined with OR ).
You have to guard yourself against that in your WHERE condition:
--[...]
WHERE
@se_code_melli IS NOT NULL AND @se_code_melli <> '' AND
sabt.code_melli LIKE '%' + @se_code_melli + '%' OR
@se_name IS NOT NULL AND @se_name <> '' AND sabt.name LIKE '%' + @se_name + '%' OR
--[...]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.