C#OLEDB ExecuteReader错误

时间:2015-07-27 23:09:18

标签: c# ms-access oledb

我很擅长在Visual Studio中使用M-S Access数据库,因此我不熟悉OLEDB语法。我设法使用各种互联网资源创建了这个程序。到目前为止,我的程序让用户登录登录表单,然后根据用户名和密码字段测试数据,如果匹配,则将用户重定向到第二个表单,然后使用名称从Access数据库收集数据他们已登录,但我一直收到错误" 没有给出一个或多个必需参数的值。"当它尝试执行代码时,根据其名称从数据库中收集数据。到目前为止,这是我的代码:

private void Form2_Load(object sender, EventArgs e)
    {
        string username = lblName.Text;
        OleDbConnection con = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Rhys\Documents\Visual Studio 2013\Projects\AssignmentTrackerV2\AssignmentTrackerV2\bin\Debug\ATDatabase.accdb");
        DataTable dt = new DataTable();
        con.Open();
        OleDbDataReader dr = null;
        OleDbCommand cmd = new OleDbCommand("SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = '" + username + "'", con);
//This is where the error is occuring.
        **dr = cmd.ExecuteReader();**
        while (dr.Read())
        {
            lblName.Text = (dr["Name"].ToString() + dr["Surname"].ToString());
            lblCourseTitle.Text = (dr["CourseTitle"].ToString());
            lblID.Text = "ID: " + (dr["MemberID"].ToString());
        }
        con.Close();
    }

任何关于如何修复此错误的建议都会受到赞赏,如前所述,我对OLEDB语法相当新,如果有一个简单的解决方案,请道歉,谢谢!

2 个答案:

答案 0 :(得分:1)

尝试使用此代码

     string username = lblName.Text;
    using(OleDbConnection con = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Rhys\Documents\Visual Studio 2013\Projects\AssignmentTrackerV2\AssignmentTrackerV2\bin\Debug\ATDatabase.accdb"))
    {
         using(OleDbCommand cmd = new OleDbCommand(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\Rhys\Documents\Visual Studio 2013\Projects\AssignmentTrackerV2\AssignmentTrackerV2\bin\Debug\ATDatabase.accdb"))
         {
            cmd.Connection = con;
            cmd.CommandText = "SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = '" + username + "'";
            cmd.CommandType = CommandType.Text;
            OleDbDataReader dr = null;
            try 
            {           
                con.Open();
                dr = cmd.ExecuteReader();
                while (dr.Read())
                {
                   lblName.Text = (dr["Name"].ToString() + dr["Surname"].ToString());
                   lblCourseTitle.Text = (dr["CourseTitle"].ToString());
                   lblID.Text = "ID: " + (dr["MemberID"].ToString());
                }
                con.Close();
            }
            catch (Exception)
            {
                throw;
            }}}

我希望此代码可以帮助您

答案 1 :(得分:0)

乍一看,它看起来应该有效。无论如何,你做这件事的方式都很糟糕,因为除其他外,它会让你对SQL注入攻击持开放态度。尝试替换它:

OleDbCommand cmd = new OleDbCommand("SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = '" + username + "'", con);

用这个:

OleDbCommand cmd = new OleDbCommand("SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = @Name", con);

cmd.Parameters.AddWithValue("@Name", username);

如果仍然无效,我们可以更仔细地查看。