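/// <summary>
/// Click handler: selects the InBill rows whose SaleName contains the text typed
/// into TextBox1 and binds them to GridView1.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // Assumes NorthWindDataContext derives from System.Data.Linq.DataContext and is
    // therefore IDisposable. DataBind() enumerates the deferred query inside the
    // using block, so the context can be released as soon as binding is done.
    using (NorthWindDataContext db = new NorthWindDataContext())
    {
        // Raw, user-controlled input. LINQ to SQL sends it to the database as a
        // command parameter rather than splicing it into the SQL text, so it cannot
        // change the structure of the statement.
        string keyword = this.TextBox1.Text;

        // Alternative form (needs System.Data.Linq.SqlClient). The value is still
        // parameterised, but '%', '_' and '[' typed by the user are interpreted as
        // LIKE wildcards, so the user controls the pattern:
        // where SqlMethods.Like(i.SaleName, "%" + this.TextBox1.Text.Trim() + "%")
        //
        // NOTE(review): Contains() is expected to escape LIKE wildcards in the
        // argument; confirm by inspecting the generated SQL through db.Log.
        var search = from i in db.InBill
                     where i.SaleName.Contains(keyword) // does the text occur in SaleName?
                     select i;

        GridView1.DataSource = search;
        GridView1.DataBind();
    }
}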
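{
    // Assumes NorthWindDataContext derives from System.Data.Linq.DataContext
    // (IDisposable). The deferred query is enumerated by DataBind() while the
    // context is still open; the context is disposed right after binding.
    using (NorthWindDataContext db = new NorthWindDataContext())
    {
        // User-controlled search text; LINQ to SQL passes it as a command parameter,
        // not as part of the SQL text.
        string keyword = this.TextBox1.Text;

        // Alternative form: the value is parameterised too, but LIKE wildcards
        // ('%', '_', '[') entered by the user take effect in the pattern:
        // where SqlMethods.Like(i.SaleName, "%" + this.TextBox1.Text.Trim() + "%")
        var search = from i in db.InBill
                     where i.SaleName.Contains(keyword) // does the text occur in SaleName?
                     select i;

        GridView1.DataSource = search;
        GridView1.DataBind();
    }
}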
第一种就是SqlMethods.Like()查询,需引用 System.Data.Linq.SqlClient;
第二种就是直接字段名.Contains(); 只需要引用 System.Linq
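还有一个问题我想问一下,这两种写法安全吗? 代码中那么写,会不会发生SQL注入? (补充说明:LINQ to SQL 会把查询值作为参数传给数据库,而不是拼接进 SQL 文本,因此这两种写法都不会造成传统的 SQL 注入;但使用 SqlMethods.Like 时,用户输入的 %、_ 等字符仍会被当作通配符处理。)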