How to let the user enter a value in a query with "Visual Studio 2012" and "SQL Server"


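I am new to Visual Studio, and I want to let the user enter a value in a query.

I.e., to search for an employee I would use

Select * From Employee Where ID = (i want the user to enter the value here)
I have already connected the database.
I know I can get the value from a text box, but I really don't know how to put that value directly into the query and call it right away.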

Parameterizing is relatively simple

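Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
    ' The SQL text contains only the @id placeholder; the value (123 here) is
    ' sent to the server separately as a parameter, never spliced into the SQL.
    ExecuteSQL("Data Source=Server;Initial Catalog=Database;Persist Security Info=True;Integrated Security=True", _
               "Select * From Employee Where ID=@id", _
               New SqlClient.SqlParameter("@id", 123))
End Sub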

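' Runs a parameterized query and returns the rows as a DataTable
' (Nothing when the query returns no rows or an error occurs).
Public Function ExecuteSQL(ByVal Connection As String, _
                      ByVal SQL As String, _
                      ByVal Param As SqlClient.SqlParameter) As System.Data.DataTable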
    Try
        Dim dt As System.Data.DataTable = Nothing
        Dim SqlRdr As SqlClient.SqlDataReader

        Using SqlConn As SqlClient.SqlConnection = New SqlClient.SqlConnection(Connection)
            Using SqlCmd As SqlClient.SqlCommand = New SqlClient.SqlCommand(SQL, SqlConn)
                SqlCmd.CommandType = System.Data.CommandType.Text
                SqlCmd.Parameters.Add(Param)
                SqlConn.Open()
                SqlRdr = SqlCmd.ExecuteReader()
                Try
                    If SqlRdr.IsClosed = False AndAlso SqlRdr.HasRows = True Then
                        dt = New System.Data.DataTable
                        dt.BeginLoadData()
                        dt.Load(SqlRdr)
                        dt.EndLoadData()
                    End If
                Finally
                    If SqlRdr IsNot Nothing Then
                        SqlRdr.Close()
                    End If
                End Try
            End Using
        End Using

        Return dt
    Catch ex As Exception
        ' Any failure (connection, SQL error) is swallowed here; the caller only sees Nothing.
        Return Nothing
    End Try
End Function

What have you tried? Can you post your code? By the way, Select * From Employee Where ID= + TextBox1.Text

@sh4nx0r Bad suggestion, it allows SQL injection. Use parameterized queries.
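
The answer above passes a hard-coded 123; the following added example (not code from the original answer or its author) shows the same parameterized query fed from text the user typed. The names EmployeeLookup and FindEmployeeById, the control names in the usage comment, and the assumption that Employee.ID is an INT column are hypothetical.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Module EmployeeLookup
    ' Hypothetical helper: looks up one employee from raw user input
    ' (for example TextBox1.Text). Assumes Employee.ID is an INT column.
    Public Function FindEmployeeById(ByVal connectionString As String,
                                     ByVal rawInput As String) As DataTable
        Dim id As Integer

        ' Validate first: anything that is not a whole number is rejected
        ' before a connection is even opened. TryParse also handles Nothing.
        If Not Integer.TryParse(rawInput, id) Then
            Throw New ArgumentException("Employee ID must be a whole number.", "rawInput")
        End If

        Dim result As New DataTable()
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand("SELECT * FROM Employee WHERE ID = @id", conn)
                ' Typed parameter: the value is sent separately from the SQL
                ' text, so user input can never change the statement itself.
                ' With concatenation ("... ID=" + TextBox1.Text), input such as
                ' "1 OR 1=1" would become part of the WHERE clause.
                cmd.Parameters.Add("@id", SqlDbType.Int).Value = id
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    result.Load(reader)   ' zero rows gives an empty table, not Nothing
                End Using
            End Using
        End Using
        Return result
    End Function
End Module

' Usage inside the form (control names and connStr are assumptions):
' Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
'     Try
'         DataGridView1.DataSource = EmployeeLookup.FindEmployeeById(connStr, TextBox1.Text)
'     Catch ex As ArgumentException
'         MessageBox.Show(ex.Message)
'     End Try
' End Sub
```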