如何通过下拉列表从数据库中删除值?

时间:2015-02-23 11:56:46

标签: mysql sql asp.net database vb.net

基本上我正在尝试通过从下拉列表中选择他们的姓名并单击“完成”来向用户提供删除与员工相关的数据的功能,但我不断收到错误消息,例如

  

“语法不正确”,“”

但我已经放入了检查站,并且可以看到没有任何价值被提取,所以我想知道是否有人知道我哪里出错了?

 Dim Con As SqlConnection
    Dim cmd As SqlCommand
    Dim recordsAffected As String
    Dim cmdstring As String = "Delete StaffID, FullName, Gender, Age, Driver, StartDate, ContactNumber, Waistcoat WHERE FullName = DropDownList1.SelectedValue"
    Con = New SqlConnection("Data Source=OISINMCGRANN-PC\SQLEXPRESS;Initial Catalog=YellowDoor;Integrated Security=True")
    cmd = New SqlCommand(cmdstring, Con)
    Con.Open()
    RecordsAffected = cmd.ExecuteNonQuery()
    Con.Close()
End Sub

我在没有引号下拉列表的情况下尝试了这个:

   Dim Con As SqlConnection
        Dim cmd As SqlCommand
        Dim recordsAffected As String
        Dim cmdstring As String = "Delete StaffID, FullName, Gender, Age, Driver, StartDate, ContactNumber, Waistcoat WHERE FullName =" + DropDownList1.SelectedValue
        Con = New SqlConnection("Data Source=OISINMCGRANN-PC\SQLEXPRESS;Initial Catalog=YellowDoor;Integrated Security=True")
        cmd = New SqlCommand(cmdstring, Con)
        Con.Open()
        RecordsAffected = cmd.ExecuteNonQuery()
        Con.Close()
    End Sub

2 个答案:

答案 0 :(得分:0)

如果您使用的是MySql,则查询应为

DELETE FROM table_name
WHERE some_column = some_value

我在查询中看不到任何表名

Delete [FROM TABLE?] WHERE FullName =" + DropDownList1.SelectedValue

答案 1 :(得分:0)

使用参数化查询并避免sql injection 

 Dim cmdstring As String = "Delete from tablename WHERE FullName =@FullName";

cmd.Parameters.AddWithValue("FullName",DropDownList1.SelectedValue);


cmd.Parameters.Add("@FullName", SqlDbType.VarChar, 50).Value =DropDownList1.SelectedValue;
相关问题
最新问题