Question

我已经使用MysqlDataReader从mysql数据库中读取数据，但是每当我以不同的方式对其进行编码时，它仍然会错误地读取数据。这个程序是调度系统，我使用datetimepicker输入时间和日期，然后用户点击按钮CHECK检查它是否已经存在于数据库/不可用的时间表中，否则它会告诉用户该时间表是可用的

Dim reader1, reader2 As MySqlDataReader

MySqlConn.Open()

Dim query2, query1 As String

Dim cmd2 As New MySqlCommand

    'TIME
    query1 = "SELECT * FROM schedule WHERE Date ='" & dtpDate.Text & "'"
    cmd = New MySqlCommand(query1, MySqlConn)
    reader1 = cmd.ExecuteReader
    reader1.Close()

    query2 = "SELECT * FROM schedule WHERE Time ='" & dtpTime.Text & "'"
    cmd2 = New MySqlCommand(query2, MySqlConn)
    reader2 = cmd2.ExecuteReader


    If reader1.HasRows And reader2.HasRows Then
        MsgBox("A Patient already set an appointment for this schedule! Please set another Time & Date.", MsgBoxStyle.Critical, "Schedule exists")
        dtpTime.Select()

    ElseIf reader1.HasRows = 0 And reader2.HasRows = 0 Then
        MsgBox("Schedule is available!", MsgBoxStyle.Information, "Schedule")

    ElseIf reader1.HasRows = 0 And reader2.HasRows Then
        MsgBox("Schedule is available!", MsgBoxStyle.Information, "Schedule")

    ElseIf reader1.HasRows And reader2.HasRows = 0 Then
        MsgBox("Schedule is available!", MsgBoxStyle.Information, "Schedule")
    End If

    MySqlConn.Close()

End Sub

Answer 1

在检查条件之前，您正在关闭阅读器1。阅读＆＃34;阅读＆＃34;它们

Answer 2

检查一个查询中的两个字段。使用参数来避免sql注入攻击。

query1 = "SELECT * FROM schedule WHERE [Date] = @date And [Time] = @time"
cmd.Parameters.AddWithValue("date", dtpDate.Text)
cmd.Parameters.AddWithValue("time", dtpTime.Text)

检查读者是否有数据不起作用

2 个答案: