尝试编辑在数据库中输入的信息时,我收到以下错误。
其他信息:查询表达式中的语法错误(缺少运算符)'项目ID = 1'。
有人可以帮忙吗?感谢
Private Sub btnEdit_Click(sender As Object, e As EventArgs) Handles btnEdit.Click
'check for the selected item in list
If Me.dgvData.Rows.Count > 0 Then
If Me.dgvData.SelectedRows.Count > 0 Then
Dim intItemID As Integer = Me.dgvData.SelectedRows(0).Cells("Item ID").Value
'Get the data from database followed Item ID
'Open the connection
If Not cnn.State = ConnectionState.Open Then
cnn.Open()
End If
'Get the data into the datatable
Dim da As New OleDb.OleDbDataAdapter("SELECT * FROM Product " & _
" WHERE Item ID =" & intItemID, cnn)
Dim dt As New DataTable
da.Fill(dt)
Me.txtItemID.Text = intItemID
Me.txtItemName.Text = dt.Rows(0).Item("Item Name")
Me.cboItemType.Text = dt.Rows(0).Item("Item Type")
Me.txtQuantity.Text = dt.Rows(0).Item("Quantity")
Me.txtMinShelfStock.Text = dt.Rows(0).Item("Min Shelf Stock")
Me.txtPurchasePrice.Text = dt.Rows(0).Item("Purchase Price")
Me.txtNote.Text = dt.Rows(0).Item("Note")
'
'Hide the ID to be edited in TAG of txtItemID in case ID is changed
Me.txtItemID.Tag = intItemID
'Change the add button to update
Me.btnAdd.Text = "Update"
'Disable the Edit button
Me.btnEdit.Enabled = False
'Close the connection
cnn.Close()
End If
End If
End Sub
答案 0 :(得分:1)
如果您的字段名称包含空格,则需要将其括在方括号中以避免混淆数据库引擎的SQL解析器
SELECT * FROM Product WHERE [Item ID] .....
此外,虽然您的查询文本被Sql Injection攻击的可能性很小,但使用参数化查询而不是字符串连接始终是最佳做法
Dim da As New OleDb.OleDbDataAdapter("SELECT * FROM Product " & _
" WHERE [Item ID] = ?", cnn)
da.SelectCommand.Parameters.AddWithValue("@p1", intItemID)