多条件的数据查询，究竟该如何写SQL（兼答复5期同学彭丰华）

近日5期有位同学在工作中遇到了一些问题，在他自己开发的系统中不能实现多条件查询，以下是他写的部分代码：

protected void chaxun_Click(object sender, EventArgs e)
2

{
3

string sqlsear = "select books_id,baogaomingcheng,danganhao,panhao,zhizuoren,caisetushu,heibaitushu,xiufupaibanshu,wenziyeshu,";
5

sqlsear += "xiutupianshu,zhizuofeiyong,nanduxishu,jianchayuan,wangchengriqi,beizhu from dizhi_ziliaoinfo where 1=1";
6

if (baogaomingcheng.Value.Trim() != "")
7

{
8

string baogao = baogaomingcheng.Value.Trim();
9

sqlsear += "and baogaomingcheng like '%" + baogao + "%'";
10

}
11

if (danganhao.Value.Trim() != "")
12

{
13

if (CheckBox1.Checked == false)
14

{
15

sqlsear+="and danganhao ='"+danganhao.Value.Trim() +"'";
16

}
17

else
18

{
19

sqlsear += "and danganhao like '%" + danganhao.Value.Trim() + "%'";
20

}
21

}
22

if (panhao.Value.Trim() != "")
24

{
25

if (CheckBox2.Checked == false)
26

{
27

sqlsear += "and (CHARINDEX('-', panhao) > 0) AND (CAST(SUBSTRING(panhao, 1, CHARINDEX('-', panhao) - 1) AS int) <= '"
28

+ Convert.ToInt32(panhao.Value.Trim())
29

+ "') AND (CAST(SUBSTRING(panhao,CHARINDEX('-', panhao) + 1, LEN(panhao) - CHARINDEX('-', panhao)) AS int) >= '"
30

+ Convert.ToInt32(panhao.Value.Trim())
31

+ "') OR (CHARINDEX('-', panhao) = 0) AND (CAST(panhao AS int) = '"
32

+ Convert.ToInt32(panhao.Value.Trim())
33

+ "')";
34

}
35

else
36

{
37

sqlsear += "and panhao like '%" + panhao.Value.Trim() + "%'";
38

}
39

}
40

if (zhizuoren.Value.Trim() != "")
42

{
43

sqlsear += "and zhizuoren like '%" + zhizuoren.Value.Trim() + "%'";
44

}
45

if (caisetushu.Value.Trim() != "")
47

{
48

sqlsear += "and caisetushu ="+caisetushu.Value.Trim();
49

}
50

if (heibaitushu.Value.Trim() != "")
52

{
53

sqlsear += "and heibaitushu =" + heibaitushu.Value.Trim();
54

}
55

if (xiufupaiban.Value.Trim() != "")
57

{
58

sqlsear += "and xiufupaibanshu =" + xiufupaiban.Value.Trim();
59

}
60

if (wenziyeshu.Value.Trim() != "")
62

{
63

sqlsear += "and wenziyeshu =" + wenziyeshu.Value.Trim();
64

}
65

if (xiufutushu.Value.Trim() != "")
67

{
68

sqlsear += "and xiutupianshu =" + xiufutushu.Value.Trim();
69

}
70

if (zhizuofeiyong.Value.Trim() != "")
72

{
73

sqlsear += "and zhizuofeiyong =" + zhizuofeiyong.Value.Trim();
74

}
75

if (nanduxishu.Value.Trim() != "")
78

{
79

sqlsear += "and nanduxishu like '%" + nanduxishu.Value.Trim() + "%'";
80

}
81

if (jianchayuan.Value.Trim() != "")
84

{
85

sqlsear += "and jianchayuan like '%" + jianchayuan.Value.Trim() + "%'";
86

}
87

if (wangchengriqi1.Value.Trim() != "")
89

{
90

if (wangchengriqi2.Value.Trim() == "")
91

{
92

sqlsear += "and wangchengriqi= '" + wangchengriqi1.Value.Trim() + "'";
93

}
94

else
95

{
96

sqlsear += "and wangchengriqi>= '" + wangchengriqi1.Value.Trim() + "'";
97

sqlsear += "and wangchengriqi<= '" + wangchengriqi2.Value.Trim() + "'";
98

}
99

}
100

sqlsear += "order by wangchengriqi desc";
101

showlist(sqlsear);
102

//jilushuju = sqlsear;
103

//jilusql.Value = sqlsear;
104

//qingkong_ServerClick();
105

106

}

他的代码质量姑且不论，但是如此使用SQL，实在是很不方便；这种多条件的查询最好做成存储过程，即使是普通的单SQL语句，也可以通过小技巧更好地实现查询。以上的代码中我们看到了大量的"if"语句，主要是用来判断查询条件框中是否有值，甚至还构造了"1=1"这样的永真式来进行辅助，这样做很不值得。

对于诸如"select [字段列表] from [表] where [条件] = 条件 "这样的查询，我们完全可以对查询的条件进行判断，比如"select * from dizhi_ziliaoinfo where danganhao = @danganhao"就是对上面的代码查询中danganhao字段的优化查询，@danganhao表示查询参数，我们可以通过SqlCommand的Parameters属性来进行添加和赋值，如果该值为空就跳过对danganhao字段的查询，那么我们可以做如下判断"select * from dizhi_ziliaoinfo where ((danganhao = @danganhao) or (@danganhao is null))" ，同理，我们可以编写出更好的存储过程来实现查询。