我有一个小型项目来更新数据库中的库存,我想确保产品是否存在于数据库中,它应该在文本框TxtCode.Text中显示产品代码,但它不起作用。这是我的代码,请帮助
Private Sub TxtCode_Validating(sender As Object, e As System.ComponentModel.CancelEventArgs) Handles TxtCode.Validating
con = New OleDbConnection("Provider=Microsoft.Jet.Oledb.4.0; Data Source=" & Application.StartupPath & "\pharmacy.mdb")
con.Open()
Dim ct1 As String = "select code from stock where ProductName= '" & TxtPrdtName.Text & "', company= '" & CmbCompany.Text & "' and Type= '" & CmbType.Text & "'"
Dim rdr As OleDbDataReader
cmd = New OleDbCommand(ct1)
cmd.Connection = con
rdr = cmd.ExecuteReader()
If rdr.Read Then
TxtCode.Text = rdr("code").ToString
If Not rdr Is Nothing Then
rdr.Close()
End If
End If
End Sub
答案 0 :(得分:1)
应用于WHERE子句的不同条件应由AND / OR逻辑运算符链接在一起 您的代码缺少第一个和第二个条件之间的AND / OR运算符
但是你应该重写它来删除字符串连接并传递给参数化查询方法。
Dim ct1 As String = "select code from stock " & _
"where ProductName= @prod " & _
"AND company= @cpy " & _
"AND Type=@typ"
Using con = New OleDbConnection("Provider=Microsoft.Jet.Oledb.4.0; Data Source=" & _
Application.StartupPath & "\pharmacy.mdb")
con.Open()
Using cmd = New OleDbCommand(ct1, con)
cmd.Parameters.AddWithValue("@prod",TxtPrdtName.Text)
cmd.Parameters.AddWithValue("@cpy",CmbCompany.Text)
cmd.Parameters.AddWithValue("@typ",CmbType.Text)
Using rdr = cmd.ExecuteReader()
If rdr.Read Then
TxtCode.Text = rdr("code").ToString
End If
End Using
End Using
End Using
使用参数化查询有助于避免Sql注入(尽管在MS Access中是罕见的事件),但在代码的清晰度方面有很大帮助。 (看一下sql命令文本的可读性)最后,使用参数化查询将工作转移到引用字符串,解析日期并将小数解释为数据库引擎。
答案 1 :(得分:0)
不确定究竟什么不起作用,但您的SQL语句缺少AND。
Dim ct1 As String = "select code from stock where ProductName= '" & TxtPrdtName.Text & "' AND company= '" & CmbCompany.Text & "' and Type= '" & CmbType.Text & "'"