string sql = "WHERE 1=1";
if (ConfigParam.Keyword != "")
{
txtKey.Text = ConfigParam.Keyword;
sql += " and m.UserName like '%" + ConfigParam.Keyword + "%'";
}
if (ConfigParam.StatusFlag>0)
{
DropDownList1.SelectedValue = ConfigParam.StatusFlag.ToString();
sql += " and mo.StatusFlag = " + ConfigParam.StatusFlag;
}
protected void btnSearch_Click(object sender, EventArgs e)
{
Response.Redirect("manage.aspx?StatusFlag=" + DropDownList1.SelectedValue + "&Keyword=" + txtKey.Text);
}
exec('SELECT mo.ID FROM MemberOrder mo
LEFT JOIN Member m ON m.ID = mo.UserID '+@Keywords+' ORDER BY mo.ID DESC')
------解决方案--------------------------------------------------------
@Keywords是什么东西,肯定拼接后sql语句有问题,显示出来看看
------解决方案--------------------------------------------------------
- SQL code
--如果你使用exec,就把你的sql拼結好了再往裡傳,像你上面的寫法declare @sql nvarchar(max),@Keywords nvarchar(200)select @Keywords='....'select @sql='SELECT mo.ID FROM MemberOrder moLEFT JOIN Member m ON m.ID = mo.UserID '+@Keywords+' ORDER BY mo.ID DESC'exec(@sql)--或者你使用sp_executesql,這個可以帶參
------解决方案--------------------------------------------------------
关键@Keywords这个变量的值是什么???
------解决方案--------------------------------------------------------
------解决方案--------------------------------------------------------
orz 你keywords那个参数断点追一下里面的值。如果只是一个关键字的话那你的sql拼出来肯定是不对的!