![](/img/trans.png)
[英]Get all selected values from uniqueID CheckBoxList in VB.NET
[英]Creating SQL query in VB.net from a Checkboxlist
我有一个清单,并从数据库中动态填充它。 例如,在我填充复选框后,就像这样:
我想根据选中的复选框创建一个SQL查询。 如果我只选择一个城市(例如,仅纽约),我希望结果是:
(城市= 2)
那可以正常工作,但是当我有多个城市(例如纽约,伦敦和阿姆斯特丹)时,我希望结果例如:
(城市= 2)或(城市= 3)或(城市= 5)
或者,如果我选择洛杉矶和柏林,我希望结果是这样的:
(城市= 1)或(城市= 4)
我怎样才能做到这一点? 那是我下面的代码,但我被堆积了。 有任何想法吗?
Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim var As String = ""
Dim counter As Integer = 0
Dim myList As New List(Of String)()
For i As Integer = 0 To CheckBoxList1.Items.Count - 1
If CheckBoxList1.Items(i).Selected Then
myList.Add(i + 1)
counter = counter + 1
If counter = 1 Then
var = "(City =" & i + 1 & ")"
Else
Console.WriteLine(myList(1))
Dim myArray As String() = myList.ToArray()
For j As Integer = 1 To myArray.Length
Dim var2 As String = " OR (City =" & counter & ")"
var = "(City =" & myArray(0) & ")" & var2
Next
End If
End If
Next
SQL = "SELECT * FROM Data1 WHERE (" & var & ") ORDER BY [ID]"
Session("Search") = SQL
Server.Transfer("Data_Form.aspx")
End Sub
我最强烈建议您查看表值参数:
http://msdn.microsoft.com/en-us/library/bb675163(v=vs.110).aspx
这将解决您的问题并帮助您避免sql注入漏洞。
但是,如果您确实坚持使用字符串连接,请尝试使用IN()
条件,在此条件下最终会出现类似CITY IN (1,2)
而不是(City = 1 OR City = 2)
。 您可以通过使用未使用的ID来使其更容易编写,如下所示:
Dim cityClause As String = " CITY IN (-1{0})" 'start with a valid clause
Dim cityIDs As String = ""
For Each box As ListItem In CheckBoxList1.Items.Where(Function(b) b.Selected)
'Try storing the ID for each city in the value part of each listitem,
' rather than using the index order
cityIDs = cityIDs & "," & box.Value
Next box
cityClause = string.Format(cityClause, cityIDs)
您可以使用City IN(2,3,5)
代替(City = 2) OR (City = 3) OR (City = 5)
:
Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim condition As String = ""
For i As Integer = 0 To CheckBoxList1.Items.Count - 1
If CheckBoxList1.Items(i).Selected Then
condition = condition & "," & (i + 1)
End If
Next
SQL = "SELECT * FROM Data1 WHERE (" & condition.SubString(1) & ") ORDER BY [ID]"
Session("Search") = SQL
Server.Transfer("Data_Form.aspx")
End Sub
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.