Data type mismatch in criteria expression error (MS Access)

Time: 2015-10-12 08:17:34

Tags: c# ms-access-2003

Please find the error in my code. It shows a

DATA TYPE MISMATCH in criteria expression error.

OleDbCommand cmd = new OleDbCommand("DELETE tbbill.*, tbgrid.* FROM tbbill INNER JOIN tbgrid ON tbbill.invoice = tbgrid.ginovice WHERE tbbill.invoice ='" + Convert.ToInt32(txtinvoice.Text) + "'", con);
cmd.ExecuteNonQuery();
cmd.Dispose();

2 answers:

Answer 0 (score: 1)

It must be

// Verbatim string (@"...") so the SQL text can span several lines.
OleDbCommand cmd = new OleDbCommand(
                @"DELETE tbbill.*, tbgrid.*
                 FROM tbbill
                 INNER JOIN tbgrid
                    ON tbbill.invoice = tbgrid.ginovice
                 WHERE tbbill.invoice = " + Convert.ToInt32(txtinvoice.Text), con);

I have removed the '' from invoice.

However, you should always use parameterized SQL to prevent SQL injection.

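// Verbatim string (@"...") so the SQL text can span several lines.
OleDbCommand cmd = new OleDbCommand(
                @"DELETE tbbill.*, tbgrid.*
                 FROM tbbill
                 INNER JOIN tbgrid
                    ON tbbill.invoice = tbgrid.ginovice
                 WHERE tbbill.invoice = @invoice", con);

// AddWithValue replaces the obsolete Add(string, object) overload.
cmd.Parameters.AddWithValue("@invoice", Convert.ToInt32(txtinvoice.Text));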
cmd.ExecuteNonQuery();

Answer 1 (score: 0)

Single quotes are for characters; if invoice is a numeric type, you need to remove those quotes, like;

tbbill.invoice = " + Convert.ToInt32(txtinvoice.Text) + ...

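But don't use it this way.

Always use parameterized queries. This kind of string concatenation is open to SQL Injection attacks.

Use the using statement to dispose of the command and connection automatically, instead of calling the Dispose method manually.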

using(OleDbConnection con = new OleDbConnection(conString))
using(OleDbCommand cmd = con.CreateCommand())
{
    cmd.CommandText = "DELETE tbbill.*, tbgrid.* FROM tbbill INNER JOIN tbgrid ON tbbill.invoice = tbgrid.ginovice WHERE tbbill.invoice = @invoice";
    cmd.Parameters.Add("@invoice", OleDbType.Integer).Value = Convert.ToInt32(txtinvoice.Text);
    // I used OleDbType.Integer in my example. You should use proper OleDbType for your column.
    con.Open();
    cmd.ExecuteNonQuery();
}
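
An added example, not from either answer, that goes one step beyond them: it validates the invoice text with int.TryParse before binding it as a typed parameter, so non-numeric input is rejected cleanly instead of throwing FormatException or ever reaching the SQL text. InvoiceDelete, TryBuild and the sample inputs are constructed for illustration, and the invoice column is assumed to be a Long Integer.

```csharp
using System;
using System.Data.OleDb;
using System.Globalization;

static class InvoiceDelete
{
    // Same statement as in the answers; the value is bound, never concatenated.
    // OLE DB binds parameters by position, so "?" is the documented placeholder.
    const string Sql =
        "DELETE tbbill.*, tbgrid.* FROM tbbill INNER JOIN tbgrid " +
        "ON tbbill.invoice = tbgrid.ginovice WHERE tbbill.invoice = ?";

    // Returns null when the text is not a plain run of digits, so the caller
    // can show a validation message instead of catching FormatException.
    public static OleDbCommand TryBuild(OleDbConnection con, string invoiceText)
    {
        int invoice;
        if (!int.TryParse(invoiceText, NumberStyles.None,
                          CultureInfo.InvariantCulture, out invoice))
            return null;

        OleDbCommand cmd = con.CreateCommand();
        cmd.CommandText = Sql;
        // The parameter name is only a label here; the type is what prevents
        // the "data type mismatch" (assumption: invoice is a Long Integer).
        cmd.Parameters.Add("@invoice", OleDbType.Integer).Value = invoice;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs; no database is opened in this demo.
        string[] samples = { "1042", " 1042 ", "1042'", "1042 OR 1=1", "" };
        using (OleDbConnection con = new OleDbConnection())
        {
            foreach (string s in samples)
            {
                using (OleDbCommand cmd = TryBuild(con, s))
                {
                    Console.WriteLine("[{0}] -> {1}", s,
                        cmd == null ? "rejected"
                                    : "bound as " + cmd.Parameters[0].OleDbType);
                }
            }
        }
    }
}
```

In real use, open the connection and call ExecuteNonQuery on the returned command inside the same using blocks, as in the answer above.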