Sql 我无法从数据库中读取Visual basic
从1>>>我可以读取数据库中的项目Sql 我无法从数据库中读取Visual basic,sql,visual-studio-2012,database-connection,Sql,Visual Studio 2012,Database Connection,从1>>>我可以读取数据库中的项目 从2>>>我无法读取项尝试使用参数化查询字符串: Dim conStr As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=D:\databaseVB\bakery.accdb" Dim conn As New OleDbConnection(conStr) Dim cmd As New OleDbCommand Dim reader As Ole
从2>>>我无法读取项尝试使用参数化查询字符串:
Dim conStr As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=D:\databaseVB\bakery.accdb"
Dim conn As New OleDbConnection(conStr)
Dim cmd As New OleDbCommand
Dim reader As OleDbDataReader
Dim Item(5) As String
Dim key = TextBox1.Text
conn.Open()
cmd.Connection = conn
1>>>>> 'cmd.CommandText = "SELECT * FROM Member WHERE number = 3"
2>>>>> cmd.CommandText = "SELECT * FROM Member WHERE number = '" & key & "'"
MessageBox.Show(cmd.CommandText)
reader = cmd.ExecuteReader()
While reader.Read
Item(0) = reader("Number").ToString
Item(1) = reader("FirstName").ToString
Item(2) = reader("LastName").ToString
Item(3) = reader("User").ToString
Item(4) = reader("Pass").ToString
End While
MessageBox.Show(Item(1).ToString)
conn.Close()
在此之后添加您的参数
cmd.CommandText = "SELECT * FROM Member WHERE number = @Number"
此外,您还需要监视数据类型3
的类型为int
,但TextBox1。Text
的类型为string
。您需要将字符串解析为int才能使其工作。
这应该可以做到这一点,防止在混合字符串和变量时出现难看的语法变化;并防止SQL注入攻击
//cmd.Parameters.Add("@Number", SqlDbType.Int).Value = 3;
//It is better to use .TryParse(), incase your users write non numerical values in the Textbox
cmd.Parameters.Add("@Number", SqlDbType.Int).Value = (int)TextBox1.Text;