Asp.net 这个查询出了什么问题，任何人都可以使用gridview单元格4中的用户名重新编辑这个查询以从表1中删除整个记录吗。。。？

如果使用USERID作为唯一标识符数据类型和主键，如何删除记录

首先

Imports System.Data.SqlClient

     Dim con As New SqlConnection
                Dim cmd As New SqlCommand
                Try
                    con.ConnectionString = "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True"
                    con.Open()
                    cmd.Connection = con
                    cmd.CommandText = "DELETE FROM Table1 WHERE UserName =" & GridView1.SelectedRow.Cells(4).ToString
                    cmd.ExecuteNonQuery()

                Catch ex As Exception
                    MsgBox("Error while Deleting record on table..." & ex.Message, "Delete Records")
                Finally
                    con.Close()
                End Try

---

其次，为了避免出现这种情况，您应该使用

我不知道VB.NET，但您的命令文本看起来是：

从UserName=foobar的表1中删除

相对于

从表1中删除，其中用户名='foobar'

。。。看起来我被打败了……）

Imports System.Data.SqlClient

     Dim con As New SqlConnection
                Dim cmd As New SqlCommand
                Try
                    con.ConnectionString = "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True"
                    con.Open()
                    cmd.Connection = con
                    cmd.CommandText = "DELETE FROM Table1 WHERE UserName =" & GridView1.SelectedRow.Cells(4).ToString
                    cmd.ExecuteNonQuery()

                Catch ex As Exception
                    MsgBox("Error while Deleting record on table..." & ex.Message, "Delete Records")
                Finally
                    con.Close()
                End Try

cmd.CommandText = "DELETE FROM Table1 WHERE UserName ='" & GridView1.SelectedRow.Cells(4).ToString & "'"