请在我的code.it show中找出错误
标准表达中的DATA TYPE MISMATCH错误。
OleDbCommand cmd = new OleDbCommand("DELETE tbbill.*, tbgrid.* FROM tbbill INNER JOIN tbgrid ON tbbill.invoice = tbgrid.ginovice WHERE tbbill.invoice ='" + Convert.ToInt32(txtinvoice.Text) + "'", con);
cmd.ExecuteNonQuery();
cmd.Dispose();
答案 0 :(得分:1)
必须是
OleDbCommand cmd = new OleDbCommand(
"DELETE tbbill.*, tbgrid.*
FROM tbbill
INNER JOIN tbgrid
ON tbbill.invoice = tbgrid.ginovice
WHERE tbbill.invoice = " + Convert.ToInt32(txtinvoice.Text) , con);
我已从发票中删除''
然而,您应始终使用参数化SQL来阻止SQL注入
OleDbCommand cmd = new OleDbCommand(
"DELETE tbbill.*, tbgrid.*
FROM tbbill
INNER JOIN tbgrid
ON tbbill.invoice = tbgrid.ginovice
WHERE tbbill.invoice = @invoice", con);
cmd.Parameters.Add("@invoice", Convert.ToInt32(txtinvoice.Text) );
cmd.ExecuteNonQuery();
答案 1 :(得分:0)
单引号用于字符,如果invoice
是数字类型,则需要删除这些引号,如;
tbbill.invoice = " + Convert.ToInt32(txtinvoice.Text) + ...
始终使用parameterized queries。这种字符串连接对SQL Injection攻击开放。
使用using
statement自动处理命令和连接,而不是手动调用Dispose
方法。
using(OleDbConnection con = new OleDbConnection(conString))
using(OleDbCommand cmd = con.CreateCommand())
{
cmd.CommandText = "DELETE tbbill.*, tbgrid.* FROM tbbill INNER JOIN tbgrid ON tbbill.invoice = tbgrid.ginovice WHERE tbbill.invoice = @invoice";
cmd.Parameters.Add("@invoice", OleDbType.Integer).Value = Convert.ToInt32(txtinvoice.Text);
// I used OleDbType.Integer in my example. You should use proper OleDbType for your column.
con.Open();
cmd.ExecuteNonQuery();
}