protected void Button1_Click(object sender, EventArgs e)
{
NorthWindDataContext db = new NorthWindDataContext();
var search = from i in db.InBill
// where SqlMethods.Like(i.SaleName, "%" + this.TextBox1.Text.Trim() + "%")
where i.SaleName.Contains(this.TextBox1.Text) //对象是否在此字符串中出现
select i;
GridView1.DataSource = search;
GridView1.DataBind();
}
{
NorthWindDataContext db = new NorthWindDataContext();
var search = from i in db.InBill
// where SqlMethods.Like(i.SaleName, "%" + this.TextBox1.Text.Trim() + "%")
where i.SaleName.Contains(this.TextBox1.Text) //对象是否在此字符串中出现
select i;
GridView1.DataSource = search;
GridView1.DataBind();
}
第一种就是SqlMethods.Like()查询,需引用 System.Data.Linq.SqlClient;
第二种就是直接字段名.Contains(); 只需要引用 System.Linq
还有一个问题我想问一下,这两种写法安全吗? 代码中那么写,会不会发生SQL注入?