日期:2014-05-18 浏览次数:21179 次
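// Parameterized LIKE search: the user's text is sent as the @st parameter and is never
// concatenated into the SQL text, so it cannot change the shape of the statement.
// Note: LIKE wildcards inside the value (%, _, [) still act as wildcards on the server;
// escape them first if the search is meant to match them literally.
string SqlStr = "SELECT * FROM BusStation WHERE st LIKE '%'+@st+'%'";
SqlCommand cmd = new SqlCommand(SqlStr, conn);
cmd.Parameters.AddWithValue("@st", st1);
SqlDataReader reader1 = cmd.ExecuteReader();

// One slot per column of the result set; after the loop it holds the last row read.
string[] temp = new string[reader1.FieldCount];
try
{
    // A reader must not be indexed before Read() has succeeded. Read() returning false on
    // the first call is the signal that the search text matched no row.
    if (!reader1.Read())
    {
        if (temp.Length > 0)
        {
            temp[0] = "没有!";
        }
    }
    else
    {
        do
        {
            for (int i = 0; i < reader1.FieldCount; i++)
            {
                temp[i] = reader1[i].ToString();
            }
        } while (reader1.Read());
    }
}
finally
{
    // Release the reader even if a column read throws; an open reader keeps the
    // connection busy.
    reader1.Close();
}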
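/// <summary>
/// Cleans a user-supplied string before it is displayed: trims it, truncates it to
/// <paramref name="maxLength"/> characters, replaces the double quote and the angle
/// brackets with their HTML entities, and replaces every single quote with a space.
/// </summary>
/// <remarks>
/// Truncation happens before encoding, so the result can be longer than
/// <paramref name="maxLength"/>. The ampersand is not encoded, so this is not a complete
/// HTML encoder. Removing single quotes is not a defence against SQL injection; database
/// access should keep using parameterized commands.
/// </remarks>
/// <param name="inputString">Raw text; null or empty yields an empty string.</param>
/// <param name="maxLength">Maximum number of characters kept after trimming.</param>
/// <returns>The cleaned string, or an empty string when the input is null or empty.</returns>
public string InputText(string inputString, int maxLength)
{
    StringBuilder retVal = new StringBuilder();

    // Null or empty input falls through and returns the empty builder.
    if ((inputString != null) && (inputString != String.Empty))
    {
        inputString = inputString.Trim();

        // Enforce the length limit here as well; a client-side limit can be bypassed.
        if (inputString.Length > maxLength)
        {
            inputString = inputString.Substring(0, maxLength);
        }

        // Replace the characters that can open or close markup with their entities.
        // The entity literals had been decoded on the page, which left an unterminated
        // string for the quote case and made the bracket cases no-ops.
        for (int i = 0; i < inputString.Length; i++)
        {
            switch (inputString[i])
            {
                case '"':
                    retVal.Append("&quot;");
                    break;
                case '<':
                    retVal.Append("&lt;");
                    break;
                case '>':
                    retVal.Append("&gt;");
                    break;
                default:
                    retVal.Append(inputString[i]);
                    break;
            }
        }

        // Single quotes become spaces.
        retVal.Replace("'", " ");
    }

    return retVal.ToString();
}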
------解决方案--------------------
string[] temp = new string[reader1.FieldCount];这个数组不能这么定义
修改成
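// Declare temp once, outside any branch, so it is still in scope for the code that
// follows; a declaration inside each if/else block would vanish at the closing brace.
// Use the reader's column count, falling back to a single slot when it reports none.
string[] temp = new string[reader1.FieldCount > 0 ? reader1.FieldCount : 1];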
------解决方案--------------------