I have a problem that is driving me crazy!
query = "SELECT Formula FROM filterPrice where idCode='" & txtCodigo.Text & "' and (FilterData<='" & cant & "')"
Dim selectCommand As New MySqlCommand(query, Conexion.conn)
priceSelected = Conversions.ToString(selectCommand.ExecuteScalar())
Conexion.Desconecta()
Conexion.conn.Dispose()
But this returns nothing. Any hints?
Answer 0 (score: 1)
Here is a detailed example of data retrieval using a parameterized query:
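' Requires: Imports System.Data and Imports MySql.Data.MySqlClient
Dim con As New MySqlConnection("Data Source=<server name>;Initial Catalog=<Db Name>; Integrated Security=True;")
' The SQL text is fixed; @IdCode and @Cant are placeholders whose values are bound below
Dim cmdSelectData As New MySqlCommand("SELECT Formula FROM filterPrice where idCode=@IdCode and FilterData<=@Cant", con)
cmdSelectData.Parameters.AddWithValue("@IdCode", txtCodigo.Text)
cmdSelectData.Parameters.AddWithValue("@Cant", cant)
If Not con.State = ConnectionState.Open Then con.Open()
' ExecuteScalar returns an Object (Nothing when no row matches), so convert it explicitly
priceSelected = Convert.ToString(cmdSelectData.ExecuteScalar())
con.Close()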
This is a safer way to work with the database. Hope it helps.
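An added example, not part of the original question or answer: it runs the question's concatenated query and the answer's parameterized query side by side, using Python's sqlite3 in place of VB.NET and MySQL so it runs without a server. The table and column names come from the question; the sample rows and the function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    # Constructed sample rows; table and column names are those in the question.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE filterPrice (idCode TEXT, FilterData INTEGER, Formula TEXT)"
    )
    conn.executemany(
        "INSERT INTO filterPrice VALUES (?, ?, ?)",
        [("A100", 10, "price*0.9"), ("O'NEIL", 5, "price*0.8")],
    )
    return conn


def lookup_concat(conn, id_code, cant):
    # Shape of the question's query: the input becomes part of the SQL text,
    # so a quote character inside id_code changes how the statement parses.
    query = ("SELECT Formula FROM filterPrice WHERE idCode='" + id_code +
             "' AND (FilterData<='" + str(cant) + "')")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def lookup_param(conn, id_code, cant):
    # Shape of the answer's query: the SQL text is fixed and the values are
    # bound separately, so they are only ever treated as data.
    row = conn.execute(
        "SELECT Formula FROM filterPrice WHERE idCode = ? AND FilterData <= ?",
        (id_code, int(cant)),
    ).fetchone()
    return row[0] if row else None  # None when no row matches


def compare(id_code, cant):
    # Returns (result of concatenated query, result of parameterized query).
    conn = make_db()
    try:
        concat = lookup_concat(conn, id_code, cant)
    except sqlite3.OperationalError as exc:
        concat = "error: " + str(exc)
    return concat, lookup_param(conn, id_code, cant)


if __name__ == "__main__":
    for code in ("A100", "O'NEIL", "ZZZ"):
        print(repr(code), "->", compare(code, 20))
```

Both forms agree on ordinary input, but a legitimate value containing an apostrophe makes the concatenated statement fail to parse while the parameterized one returns the row.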