Question

我在vb表单中有以下代码

 Dim dt As New DataTable
    Dim query As String = " select [incident id] as incidentid, ([incident ID] &' '&[incident date]) as incisearch from incident where [stock supplier] =hengwei"
    Using connection As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Kevin\Desktop\Non Conformance\NonConformance.accdb")
        Using command As New OleDbCommand(query, connection)
            Using adapter As New OleDbDataAdapter(command)
                connection.Open()
                adapter.Fill(dt)
                connection.Close()
            End Using
        End Using
    End Using

    If dt.Rows.Count > 0 Then
        lb_search.DataSource = dt
        lb_search.DisplayMember = "incisearch"
        lb_search.ValueMember = "incidentid"
    End If

我已经使用了查询字符串

select [incident id] as incidentid, ([incident ID] &' '&[incident date]) as incisearch 
from incident 
where [stock supplier] = hengwei

并在Access中直接将其作为查询运行，并按预期返回结果，因此我知道SQL是正确的

但是我收到以下错误消息

没有给出一个或多个必需参数的值。

以下一行突出显示

adapter.Fill(dt)

任何想法导致了什么？

Answer 1

我猜hengwey应为'hengwey'：

SELECT [incident id]                          AS incidentid, 
       [incident id] + ' ' + [incident date]  AS incisearch 
FROM   incident 
WHERE  [stock supplier] = 'hengwei'

我也改变了

([incident ID] &' '&[incident date])

到

[incident id] + ' ' + [incident date]

因为SQL不是VB.NET（但可能在Access中有效）。

如果hengwey实际上是动态的，你应该使用sql-parameters来阻止sql注入：

Dim query As String = "SELECT [incident id] AS incidentid,  [incident id] + ' ' + [incident date] AS incisearch FROM   incident WHERE  [stock supplier] = @hengwei "
' ... '
Dim p As New OleDbParameter("@hengwei", OleDbType.VarChar, 100)
p.Value = txt_supplier.text
command.Parameters.Add(p)
' ... '

Answer 2

您应该在双引号之间编写字符串，否则访问认为它是参数化查询。在你的情况下你应该改变

 where [stock supplier] =hengwei

到

 where [stock supplier] = "hengwei"

如果你想使用hengwei作为参数而不是常量，你应该向数据适配器添加参数，比如

adapter.Parameters.Add("@CompanyName", SqlDbType.NChar, 15, "CompanyName")

有关详细信息，请使用此link

没有给出一个或多个必需参数vb.net的值

2 个答案: