首先，我不知道你的数据库是否包含合理的数据，但是它写在这里的方式，它真的很容易注入SQL。我建议你使用带参数的存储过程，以避免安全问题。



但如果我看一下这个，考虑到我不知道在哪里的事实@insp_mission_number参数来自，我试试这个：



string query = string.Format（SELECT im。*，i.first_name + i.surname AS inspector_name，b.name AS branch_name，m.name AS ministry_name FROM（（（在我的im.inspector_id = i.id上，我的左边连接检查器，我是左边的连接分支，在im.insp_branch_id = b.id上为b）左连接部门在im.ministry_id = m.id）其中im.insp_mission_number 喜欢'％'+ @insp_mission_number +'％'和im.insp_branch_id = @insp_branch_id和im.inspector_id = @inspector_id和im。 ministry_id = @ministry_id）;



但就像我说的那样，因为我不知道参数的定义在哪里，我可能错了。



希望它有所帮助。

First of all, I don't know if your database holds sensible data, but the way it is written here, it is really prone to SQL injections. I'd suggest you use stored procedures with parameters instead, to avoid security issues.

But if I look at this, considering the fact that I don't know where the @insp_mission_number parameters comes from, I'd try this:

string query = string.Format("SELECT im.*, i.first_name + i.surname AS inspector_name, b.name AS branch_name, m.name AS ministry_name FROM (((insp_mission AS im left join inspector as i on im.inspector_id = i.id) left join branch as b on im.insp_branch_id = b.id) left join ministry m on im.ministry_id = m.id)where im.insp_mission_number like '%' + @insp_mission_number + '%' and im.insp_branch_id = @insp_branch_id and im.inspector_id = @inspector_id and im.ministry_id = @ministry_id");

But like I said since I don't know where the parameter is defined, I might be wrong.

Hope it helps.