我很擅长在Visual Studio中使用M-S Access数据库,因此我不熟悉OLEDB语法。我设法使用各种互联网资源创建了这个程序。到目前为止,我的程序让用户登录登录表单,然后根据用户名和密码字段测试数据,如果匹配,则将用户重定向到第二个表单,然后使用名称从Access数据库收集数据他们已登录,但我一直收到错误" 没有给出一个或多个必需参数的值。"当它尝试执行代码时,根据其名称从数据库中收集数据。到目前为止,这是我的代码:
private void Form2_Load(object sender, EventArgs e)
{
string username = lblName.Text;
OleDbConnection con = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Rhys\Documents\Visual Studio 2013\Projects\AssignmentTrackerV2\AssignmentTrackerV2\bin\Debug\ATDatabase.accdb");
DataTable dt = new DataTable();
con.Open();
OleDbDataReader dr = null;
OleDbCommand cmd = new OleDbCommand("SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = '" + username + "'", con);
//This is where the error is occuring.
**dr = cmd.ExecuteReader();**
while (dr.Read())
{
lblName.Text = (dr["Name"].ToString() + dr["Surname"].ToString());
lblCourseTitle.Text = (dr["CourseTitle"].ToString());
lblID.Text = "ID: " + (dr["MemberID"].ToString());
}
con.Close();
}
任何关于如何修复此错误的建议都会受到赞赏,如前所述,我对OLEDB语法相当新,如果有一个简单的解决方案,请道歉,谢谢!
答案 0 :(得分:1)
尝试使用此代码
string username = lblName.Text;
using(OleDbConnection con = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Rhys\Documents\Visual Studio 2013\Projects\AssignmentTrackerV2\AssignmentTrackerV2\bin\Debug\ATDatabase.accdb"))
{
using(OleDbCommand cmd = new OleDbCommand(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Rhys\Documents\Visual Studio 2013\Projects\AssignmentTrackerV2\AssignmentTrackerV2\bin\Debug\ATDatabase.accdb"))
{
cmd.Connection = con;
cmd.CommandText = "SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = '" + username + "'";
cmd.CommandType = CommandType.Text;
OleDbDataReader dr = null;
try
{
con.Open();
dr = cmd.ExecuteReader();
while (dr.Read())
{
lblName.Text = (dr["Name"].ToString() + dr["Surname"].ToString());
lblCourseTitle.Text = (dr["CourseTitle"].ToString());
lblID.Text = "ID: " + (dr["MemberID"].ToString());
}
con.Close();
}
catch (Exception)
{
throw;
}}}
我希望此代码可以帮助您
答案 1 :(得分:0)
乍一看,它看起来应该有效。无论如何,你做这件事的方式都很糟糕,因为除其他外,它会让你对SQL注入攻击持开放态度。尝试替换它:
OleDbCommand cmd = new OleDbCommand("SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = '" + username + "'", con);
用这个:
OleDbCommand cmd = new OleDbCommand("SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = @Name", con);
cmd.Parameters.AddWithValue("@Name", username);
如果仍然无效,我们可以更仔细地查看。