Vb.net cmd.ExecuteOnQuery()没有为一个或多个必需参数提供值
我无法添加任何数据,但我的代码中没有错误。它始终显示没有为一个或多个必需参数提供值。有人能帮我吗这是我的项目Vb.net cmd.ExecuteOnQuery()没有为一个或多个必需参数提供值,vb.net,forms,connection,Vb.net,Forms,Connection,我无法添加任何数据,但我的代码中没有错误。它始终显示没有为一个或多个必需参数提供值。有人能帮我吗这是我的项目 Public Class frmStudent Dim cnn As New OleDb.OleDbConnection Private Sub btnClose_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnClose.Click Me.Clos
Public Class frmStudent
Dim cnn As New OleDb.OleDbConnection
Private Sub btnClose_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnClose.Click
Me.Close()
End Sub
Private Sub btnClear_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnClear.Click
Me.txtstdID.Text = ""
Me.txtStdName.Text = ""
Me.txtPhone.Text = ""
Me.txtAddress.Text = ""
Me.txtstdID.Tag = ""
'enable button edit
Me.btnEdit.Enabled = True
'set button add to add label
Me.btnAdd.Text = "Add"
'
Me.txtstdID.Focus()
End Sub
Private Sub RefreshData()
If Not cnn.State = ConnectionState.Open Then
'open connection
cnn.Open()
End If
Dim da As New OleDb.OleDbDataAdapter("SELECT stdid as [ID], " & _
"stdname as [Name], Gender, Phone, Address " & _
" FROM student ORDER BY stdid", cnn)
Dim dt As New DataTable
'fill data to datatable
da.Fill(dt)
'offer data in data table into datagridview
Me.dgvData.DataSource = dt
'close connection
cnn.Close()
End Sub
Private Sub btnAdd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnAdd.Click
Dim cmd As New OleDb.OleDbCommand
If Not cnn.State = ConnectionState.Open Then
'open connection if it is not yet open
cnn.Open()
End If
cmd.Connection = cnn
'check whether add new or update
If Me.txtstdID.Tag & "" = "" Then
'add new
'add data to table
cmd.CommandText = "INSERT INTO student(stdid, stdname, gender, phone, address) " & _
" VALUES(" & Me.txtstdID.Text & ",'" & Me.txtStdName.Text & "','" & _
Me.cboGender.Text & "','" & Me.txtPhone.Text & "','" & _
Me.txtAddress.Text & "')"
cmd.ExecuteNonQuery()
Else
'update data in table
cmd.CommandText = "UPDATE student " & _
" SET stdid=" & Me.txtstdID.Text & _
", stdname='" & Me.txtStdName.Text & "'" & _
", gender='" & Me.cboGender.Text & "'" & _
", phone='" & Me.txtPhone.Text & "'" & _
", address='" & Me.txtAddress.Text & "'" & _
" WHERE stdid=" & Me.txtstdID.Tag
cmd.ExecuteNonQuery()
End If
'refresh data in list
RefreshData()
'clear form
Me.btnClear.PerformClick()
'close connection
cnn.Close()
End Sub
Private Sub frmStudent_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
cnn = New OleDb.OleDbConnection
cnn.ConnectionString = "Provider=Microsoft.Jet.Oledb.4.0; Data Source=" & Application.StartupPath & "\data.mdb"
'
'get data into list
Me.RefreshData()
End Sub
Private Sub btnEdit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnEdit.Click
'check for the selected item in list
If Me.dgvData.Rows.Count > 0 Then
If Me.dgvData.SelectedRows.Count > 0 Then
Dim intStdID As Integer = Me.dgvData.SelectedRows(0).Cells("id").Value
'get data from database followed by student id
'open connection
If Not cnn.State = ConnectionState.Open Then
cnn.Open()
End If
'get data into datatable
Dim da As New OleDb.OleDbDataAdapter("SELECT * FROM student " & _
" WHERE stdid=" & intStdID, cnn)
Dim dt As New DataTable
da.Fill(dt)
Me.txtstdID.Text = intStdID
Me.txtStdName.Text = dt.Rows(0).Item("stdname")
Me.cboGender.Text = dt.Rows(0).Item("gender")
Me.txtPhone.Text = dt.Rows(0).Item("phone")
Me.txtAddress.Text = dt.Rows(0).Item("address")
'
'hide the id to be edited in TAG of txtstdid in case id is changed
Me.txtstdID.Tag = intStdID
'change button add to update
Me.btnAdd.Text = "Update"
'disable button edit
Me.btnEdit.Enabled = False
'close connection
cnn.Close()
End If
End If
End Sub
Private Sub btnDelete_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnDelete.Click
'check for the selected item in list
If Me.dgvData.Rows.Count > 0 Then
If Me.dgvData.SelectedRows.Count > 0 Then
Dim intStdID As Integer = Me.dgvData.SelectedRows(0).Cells("id").Value
'open connection
If Not cnn.State = ConnectionState.Open Then
cnn.Open()
End If
'delete data
Dim cmd As New OleDb.OleDbCommand
cmd.Connection = cnn
cmd.CommandText = "DELETE FROM student WHERE stdid=" & intStdID
cmd.ExecuteNonQuery()
'refresh data
Me.RefreshData()
'close connection
cnn.Close()
End If
End If
End Sub
End Class
OleDB使用问号?字符作为参数的占位符。如果您的任何文本框包含?,那么您将看到您在标题中提到的错误 正如helrich所说,您应该参数化您的查询。这也将防止针对数据库的SQL注入。这适用于所有查询,而不仅仅是插入 不相关,但OleDBCommand实现IDisposable接口,因此您还应该将其释放或在using块中使用
Using cmd As New OleDBCommand()
'... some code omitted for brevity ...
cmd.CommandText = "INSERT INTO student(stdid, stdname, gender, phone, address) VALUES(?, ?, ?, ?, ?);"
'Add the parameters specified.
'OleDB uses question marks as placeholders.
'Parameters must be added in the correct order.
cmd.Parameters.Add("stdid", txtstdID.Text)
cmd.Parameters.Add("stdname", txtStdName.Text)
cmd.Parameters.Add("gender", cboGender.Text)
cmd.Parameters.Add("phone", txtPhone.Text)
cmd.Parameters.Add("address", txtAddress.Text)
cmd.ExecuteNonQuery()
'... more code omitted for brevity ...
End Using
我的代码中没有错误,并且没有为一个或多个必需参数提供值。这不矛盾吗?您有三个cmd.ExecuteNonQuery,这会导致错误?如果您的任何文本框包含@,则您将被忽略。您应该参数化这些值,这样您就不会意外地参数化您的值。。。