条件表达式中的数据类型不匹配

时间:2013-10-23 09:53:56

标签: vb.net oledb oledbdatareader

 myConnection.Open()
    rtb_Address.Clear()
    txt_Name.Clear()
    Dim str As String
    str = "SELECT * FROM table1 WHERE (cus_ID = '" & txt_ID.Text & "')"
    Dim cmd As OleDbCommand = New OleDbCommand(str, myConnection)

    dr = cmd.ExecuteReader()

    While dr.Read()
        rtb_Address.Text = dr("cus_Addr").ToString
        txt_Name.Text = dr("cus_Name").ToString
    End While
    myConnection.Close()

dr = cmd.ExecuteReader()

时出错

dr被声明为OleDbDataReader

2 个答案:

答案 0 :(得分:0)

cus_ID可能是一种数字数据类型,但您尝试使用字符串(cus_ID = 'thevalue')进行查询。

只需移除封闭的'(cus_ID = thevalue)

即可

或更好,使用参数化查询来阻止sql注入。

答案 1 :(得分:-1)

我会推荐以下内容:

 Using cmd As New OleDbCommand("SELECT * FROM table1 WHERE cus_ID = @ID", con)
    cmd.Parameters.AddWithValue("@ID", txt_ID.Text)

    dr = cmd.ExecuteReader()

    While dr.Read()
      rtb_Address.Text = dr("cus_Addr").ToString
      txt_Name.Text = dr("cus_Name").ToString
    End While

 End Using