搜索到的數據未以 asp.net 形式加載到數據網格視圖中？

Question

當我點擊搜索時，它將在表格中按名稱搜索。（參考圖片 1）

圖片 1

我的搜索代碼

protected void srchbtn_Click(object sender, EventArgs e)
    {
        try
        {
            if (string.IsNullOrWhiteSpace(this.TextBox1.Text))
            {
                Response.Write("<script>alert('Search name is empty!')</script>");
               
            }
            else
            {

                con.Open();
                adapt = new SqlDataAdapter("select Convert(nvarchar(10),Date,121) as Date,Department,KaizenLead,Type,Observation,Onetimereapeat,Typeofwaste,Rootcase,ImageBefore,ImageAfter,Before,After,Improvement,Savings,Impleteam,validateby,Rootcase,safetyadmin,convert(nvarchar(10),Implementationdate,121) as Implementationdate,Status,Reason,FinanceRef  from GembaKaizen where KaizenLead like '" + TextBox1.Text + "'", con);
                dt = new DataTable();
                adapt.Fill(dt);
                gv_case.DataSource = dt;//gv_gase-grid view name
                con.Close();

                
            }
           
        }
        catch(SqlException)
        {
            Response.Write("<script>alert('Database error!')</script>");
        }
    }

Answer 1

                    con.Open();
                    adapt = new SqlDataAdapter("select Convert(nvarchar(10),Date,121) as Date,Department,KaizenLead,Type,Observation,Onetimereapeat,Typeofwaste,Rootcase,ImageBefore,ImageAfter,Before,After,Improvement,Savings,Impleteam,validateby,Rootcase,safetyadmin,convert(nvarchar(10),Implementationdate,121) as Implementationdate,Status,Reason,FinanceRef  from GembaKaizen where KaizenLead like '" + TextBox1.Text + "'", con);
                    DataSet ds = new DataSet();
                    adapt.Fill(ds);
                    gv_case.DataSource = ds;
                    gv_case.DataBind();
                    con.Close();

Answer 2

我不確定我是否理解這個問題，但我可以看到您的代碼有兩個問題：

1. sql 查詢中的 like 子句需要%否則就是相等

like '%" + TextBox1.Text + "%'"

2. Sql 注入 始終在查詢中添加用戶輸入作為參數，否則很容易發生 sql 注入