如何在c＃中实现搜索功能？

Question

Db names
Click on this Image to see search functionality

下面的代码是用于搜索功能，请帮助我完成它，并建议选择查询[字符串的SQLSelect =“”]我应该把这里完成我的搜索，如果你们有任何想法请与我分享我真的需要帮助在此先感谢..

protected void btn_search_Click(object sender, EventArgs e) 
{ 
    string status = dd_status.SelectedValue.Trim(); 
    string address = pacinput.Text.Trim(); 
    string prop_type = string.Empty; 
    foreach (ListItem item in DropDownCheckBoxes1.Items) 
    { 
     if (item.Selected) 
     { 
      prop_type += item.Value + ","; 
     } 
    } 
    string type = prop_type.Trim(); 
    string minbed = dd_minbed.SelectedValue.Trim(); 
    string maxbed = dd_maxbed.SelectedValue.Trim(); 
    string minprice = dd_minprice.SelectedValue.Trim(); 
    string maxprice = dd_maxprice.SelectedValue.Trim(); 
    string sqlSelect = ""; 
    SqlCommand cmd = new SqlCommand(sqlSelect, con); 
    SqlDataAdapter da = new SqlDataAdapter(cmd); 
    DataTable dt = new DataTable(); 
    da.Fill(dt); 
    Session["dt"] = dt; 
    Response.Redirect("property_list.aspx"); 
} 

Answer 1

正如评论中所述，请始终使用参数化查询，以防止SQL注入。回到你真正的问题，你应该开始一个查询字符串，它给你整个结果集。此外，根据用户输入不断输入过滤器并延长您的查询：

var sql = new StringBuilder(); 

//This will select all records from your table 
sql.Append("SELECT FROM YOUR TABLE WHERE 1=1"); 

// Check your conditions here 
if (dd_status.SelectedValue != null) //Or some other condition 
    sql.Append(" AND STATUS = @status"); 
// ... and so on for each filter 

//Finally with your sql command add necessary parameters 
using (SqlCommand cmd = new SqlCommand(sql.ToString(), conn)) 
{ 
    if (dd_status.SelectedValue != null) 
     cmd.Parameters.AddWithValue("@status", dd_status.SelectedValue); 
    // ... and so on for each filter 
}