在表单上运行以下代码时,我收到上述错误消息
Dim SqlString As String = "select [containmentid],[incidentid],[containmentdate],[containment] from [containment] WHERE [incidentid] = " & lbl_incidentid.Text & ""
Using conn As New OleDbConnection(ConnString)
Using command As New OleDbCommand(SqlString, conn)
Using adapter As New OleDbDataAdapter(command)
conn.Open()
Dim reader As OleDbDataReader = command.ExecuteReader()
Try
If reader.Read() Then
Button1.Visible = False
Else
Button1.Visible = True
End If
Finally
reader.Close()
End Try
End Using
End Using
End Using
我以为是因为我在lbl_incidentid部分周围缺少一个叛逆者,所以如果我修改sql行来阅读
Dim SqlString As String = "select [containmentid],[incidentid],[containmentdate],[containment] from [containment] WHERE [incidentid] = '" & lbl_incidentid.Text & "'"
我现在收到以下错误
标准表达式中的数据类型不匹配。
如果我修改sql行来读取一个我知道的数字,如下所示
Dim SqlString As String = "select [containmentid],[incidentid],[containmentdate],[containment] from [containment] WHERE [incidentid] = 622"
它工作正常,我一定会错过一些明显的东西,但我无法看到它。谁能告诉我为什么我的代码错了?
答案 0 :(得分:2)
也许您需要删除整数周围的撇号。但是,不要试图解决这个问题。而是始终使用sql-parameters。例如,为了防止sql-injection:
Dim SqlString As String = "select [containmentid],[incidentid],[containmentdate],[containment] from [containment] WHERE [incidentid] = @incidentid"
Using conn As New OleDbConnection(ConnString)
Using command As New OleDbCommand(SqlString, conn)
' *** That's all you need to safeguard your code: ***
command.Parameters.Add("@incidentid", OleDbType.Integer).Value = CInt(lbl_incidentid.Text)
Using adapter As New OleDbDataAdapter(command)
conn.Open()
Dim reader As OleDbDataReader = command.ExecuteReader()
Try
If reader.Read() Then
Button1.Visible = False
Else
Button1.Visible = True
End If
Finally
reader.Close()
End Try
End Using
End Using
End Using