当我的客户编号都是数字时,我有一段代码可以使用。因此,现在已经添加了alpha版本的客户编号,我得到了" nvarchar值的转换' 4000545398'溢出了一个int列。超出最大整数值"我知道的错误超过了210万等... 我的问题在于,数字4000545398是表shipper_sii [a nvarchar(10)]的第一个记录中的批号。
我的表格中的列如下......
custaddr - name (nvarchar (60)), cust_num (nvarchar(7))
co - cust_num (nvarchar(7)), co_num (nvarchar(10))
shipper_sii - co_num (nvarchar(10)), lot (nvarchar(15))
我的声明是......
Dim Carton1 As String
Dim dbCustName As String
Dim dbCustNum As String
有人为我修好了吗?我在这里摸不着头脑...... 我很确定它在我的加入中,但我很难过......
' Get Customer Name
Using connObj2 As New SqlClient.SqlConnection("server=Server;database=App;uid=sa;pwd=password;")
Using cmdObj2 As New SqlClient.SqlCommand("SELECT c2.name, c2.cust_num from custaddr as c2 INNER JOIN co as c1 ON (c2.cust_num = c1.cust_num) INNER JOIN shipper_sii as s1 on (c1.co_num = s1.co_num) WHERE lot = " & Carton1, connObj2)
connObj2.Open()
Using readerObj2 As SqlClient.SqlDataReader = cmdObj2.ExecuteReader
'This will loop through all returned records
While readerObj2.Read
dbCustNum = readerObj2("cust_num").ToString
dbCustName = readerObj2("name").ToString
'handle returned value before next loop here
End While
End Using
connObj2.Close()
End Using
End Using
我的错误弹出了"而readerObj2.Read"。
答案 0 :(得分:1)
您应该使用参数化查询来避免此类错误和Sql Injection问题
Dim cmdText = "SELECT c2.name, c2.cust_num from custaddr as c2 " & _
"INNER JOIN co as c1 ON (c2.cust_num = c1.cust_num) " & _
"INNER JOIN shipper_sii as s1 on (c1.co_num = s1.co_num) " & _
"WHERE lot = @car"
Using cmdObj2 As New SqlClient.SqlCommand(cmdText, connObj2)
cmdObj2.Parameters.AddWithValue("@car", Carton1)
.....
此处lot是一个NVarChar字段,因此,在字符串连接中,这需要Carton1变量周围的引号,但使用参数化查询可以避免该问题。