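The code below works if it is in the "search button", but I want to use it in the "load form", where it should automatically display the data in the DataGridView when I run it, and this gives the error mentioned above. Any suggestions would be much appreciated.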
    Private Sub Search_Record()
        Dim conn As New OleDbConnection
        Dim cmd As New OleDbCommand
        Dim da As New OleDbDataAdapter
        Dim dt As New DataTable
        Dim sSQL As String = String.Empty
        Try
            conn = New OleDbConnection(Get_Constring)
            conn.Open()
            cmd.Connection = conn
            cmd.CommandType = CommandType.Text
            sSQL = "SELECT Username, lname + ', ' + fname + ' ' + mname as name, password FROM Instructor"
            If Me.cboSearchBy.Text = "Name" Then
                sSQL = sSQL & " where lname + ', ' + fname + ' ' + mname like '%" & Me.txtSearch.Text & "%'"
                sSQL = sSQL & " and level like '%instructor%'"
            Else
                sSQL = sSQL & " where Username =" & Me.txtSearch.Text
                sSQL = sSQL & " and level like '%instructor%'"
            End If
            cmd.CommandText = sSQL
            da.SelectCommand = cmd
            da.Fill(dt)
            Me.dtgResult.DataSource = dt
            If dt.Rows.Count = 0 Then
                MsgBox("No record found!")
            End If
        Catch ex As Exception
            MsgBox(ErrorToString)
        Finally
            conn.Close()
        End Try
    End Sub
Answer 0 (score: 4)
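When the form starts and there is no text in the txtSearch textbox, your query has a syntax error. You could avoid this error if you used a parameterized query (not to mention the problem of SQL injection).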
    Dim dt As New DataTable
    Dim sSQL As String
    Using conn = New OleDbConnection(Get_Constring)
        Using cmd = New OleDbCommand()
            conn.Open()
            cmd.Connection = conn
            sSQL = "SELECT Username, lname + ', ' + fname + ' ' + mname as name, password FROM Instructor"
            ' OleDb parameters are positional: add them in the order of the ? placeholders
            If Me.cboSearchBy.Text = "Name" Then
                sSQL = sSQL & " where lname + ', ' + fname + ' ' + mname like ? and level like ?"
                cmd.Parameters.AddWithValue("@1", "%" & txtSearch.Text & "%")
            Else
                sSQL = sSQL & " where Username = ? and level like ?"
                ' Exact match on Username, so no LIKE wildcards around the value
                cmd.Parameters.AddWithValue("@1", txtSearch.Text)
            End If
            cmd.Parameters.AddWithValue("@2", "%instructor%")
            cmd.CommandText = sSQL
            Using da = New OleDbDataAdapter(cmd)
                da.Fill(dt)
                Me.dtgResult.DataSource = dt
                If dt.Rows.Count = 0 Then
                    MsgBox("No record found!")
                End If
            End Using
        End Using
    End Using
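Also, if you are working with an MS-Access database, remember that PASSWORD is a reserved keyword and, when used in the above query, needs to be enclosed in square brackets.

    SELECT ......., [Password] ........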
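
Added example (not part of the original question or answer): a runnable comparison of the concatenated query and the parameterized query on the two inputs that matter here, an empty search box and a name containing an apostrophe. Assumptions: Python's sqlite3 stands in for the Access/OleDb database, the table is reduced to four columns, and the rows and the helper names (make_db, search_concat, search_param, outcome) are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows (SQLite stands in for Access)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Instructor "
                 "(Username TEXT, lname TEXT, fname TEXT, level TEXT)")
    conn.executemany("INSERT INTO Instructor VALUES (?, ?, ?, ?)",
                     [("1001", "O'Brien", "Ann", "instructor"),
                      ("1002", "Smith", "Bob", "instructor")])
    return conn

def search_concat(conn, search_by, text):
    """Builds the SQL by string concatenation, as the question's code does."""
    sql = "SELECT Username, lname FROM Instructor"
    if search_by == "Name":
        sql += " WHERE lname LIKE '%" + text + "%'"
    else:
        sql += " WHERE Username = " + text
    sql += " AND level LIKE '%instructor%'"
    return conn.execute(sql).fetchall()

def search_param(conn, search_by, text):
    """Same search with placeholders; the input never becomes SQL text."""
    sql = "SELECT Username, lname FROM Instructor"
    if search_by == "Name":
        sql += " WHERE lname LIKE ? AND level LIKE ?"
        params = ("%" + text + "%", "%instructor%")
    else:
        sql += " WHERE Username = ? AND level LIKE ?"
        params = (text, "%instructor%")
    return conn.execute(sql, params).fetchall()

def outcome(fn, conn, search_by, text):
    """Returns the rows, or the database error message as a string."""
    try:
        return fn(conn, search_by, text)
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    for by, text in [("Username", ""), ("Name", "O'Brien"), ("Name", "")]:
        print(by, repr(text), "concat ->", outcome(search_concat, db, by, text))
        print(by, repr(text), "param  ->", outcome(search_param, db, by, text))
```

With an empty search box the concatenated Username query is malformed SQL, while the parameterized Name search returns every instructor, which is the behaviour wanted at form load.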