Sql 我无法从数据库中读取Visual basic_Sql_Visual Studio 2012_Database Connection

Sql 我无法从数据库中读取Visual basic

sql visual-studio-2012

Sql 我无法从数据库中读取Visual basic,sql,visual-studio-2012,database-connection,Sql,Visual Studio 2012,Database Connection,从1>>>我可以读取数据库中的项目从2>>>我无法读取项尝试使用参数化查询字符串： Dim conStr As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=D:\databaseVB\bakery.accdb" Dim conn As New OleDbConnection(conStr) Dim cmd As New OleDbCommand Dim reader As Ole

从1>>>我可以读取数据库中的项目

从2>>>我无法读取项

尝试使用参数化查询字符串：

Dim conStr As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=D:\databaseVB\bakery.accdb"
        Dim conn As New OleDbConnection(conStr)
        Dim cmd As New OleDbCommand
        Dim reader As OleDbDataReader
        Dim Item(5) As String
        Dim key = TextBox1.Text

        conn.Open()
        cmd.Connection = conn
       1>>>>> 'cmd.CommandText = "SELECT * FROM Member WHERE number = 3"
       2>>>>> cmd.CommandText = "SELECT * FROM Member WHERE number = '" & key & "'"
        MessageBox.Show(cmd.CommandText)
        reader = cmd.ExecuteReader()
        While reader.Read
            Item(0) = reader("Number").ToString
            Item(1) = reader("FirstName").ToString
            Item(2) = reader("LastName").ToString
            Item(3) = reader("User").ToString
            Item(4) = reader("Pass").ToString
        End While
        MessageBox.Show(Item(1).ToString)
        conn.Close()

在此之后添加您的参数

cmd.CommandText = "SELECT * FROM Member WHERE number = @Number"

此外，您还需要监视数据类型

的类型为

int

，但

TextBox1。Text

的类型为

string

。您需要将字符串解析为int才能使其工作。这应该可以做到这一点，防止在混合字符串和变量时出现难看的语法变化；并防止SQL注入攻击

//cmd.Parameters.Add("@Number", SqlDbType.Int).Value = 3;
//It is better to use .TryParse(), incase your users write non numerical values in the Textbox
cmd.Parameters.Add("@Number", SqlDbType.Int).Value = (int)TextBox1.Text;