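I am trying to get the database values of an item in a list box to display in text boxes. (vb.net)
My database table is named 'productlog', and it has 3 columns: productid, productname and price. I got the product names showing in the list box I made, and now I am trying to display the 3 columns in 3 text boxes. However, I get a "Data type mismatch in criteria expression" error on my ExecuteReader line. Here is my code: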
Public Class shop
    Dim provider As String
    Dim datafile As String
    Dim connString As String
    Dim myConnection As OleDbConnection = New OleDbConnection
    Private Sub listboxitems_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles listboxitems.SelectedIndexChanged
        Dim lbconn As New OleDb.OleDbConnection("PROVIDER=Microsoft.ACE.Oledb.12.0; Data Source = C:\Users\USER PC\Desktop\orderDB1.accdb")
        Dim lbcmd As New OleDb.OleDbCommand("SELECT productid, product, price FROM productlog WHERE productid =' & listboxitems.Text & ' AND product ='" & listboxitems.Text & "' AND price =' & listboxitems.Text & '", lbconn)
        Dim lbreader As OleDbDataReader
        lbconn.Open()
        lbreader = lbcmd.ExecuteReader() 'error appearing right here'
        While lbreader.Read
            txtproductid.Text = lbreader.GetInt32("productid")
            txtproduct.Text = lbreader.GetString("product")
            txtprice.Text = lbreader.GetInt32("price")
        End While
        lbconn.Close()
    End Sub
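Based on other questions I looked up, it may be because 'productid' and 'price' are both integers, and what I am passing is a String. I tried removing the double quotes ('& txtproductid.Text"') and turning them into 'txtproductid.Text' based on another question I looked up. Another answer I saw was to convert the string to an integer - 'lbcmd.Parameters.AddwithValue("@productid", ConvertInt32("txtproductid.Text"))' - not sure if this is correct, but I ended up with the same error. How do I resolve this error? Thanks.
Updated code: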
Private Sub listboxitems_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles listboxitems.SelectedIndexChanged
    Using lbconn As New OleDb.OleDbConnection("PROVIDER=Microsoft.ACE.Oledb.12.0; Data Source = C:\Users\USER PC\Desktop\orderDB1.accdb")
        Using lbcmd As New OleDb.OleDbCommand("SELECT productid, product, price FROM productlog WHERE productid = ? AND product = ? AND price = ?", lbconn)
            'Set your values here. The parameters must be added in the same order that they
            'appear in the sql SELECT command
            Dim prodidparam As New OleDbParameter("@productid", Me.txtproductid.Text)
            Dim prodparam As New OleDbParameter("@product", Me.txtproduct.Text)
            Dim priceparam As New OleDbParameter("@price", Me.txtprice.Text)
            lbcmd.Parameters.Add(prodidparam)
            lbcmd.Parameters.Add(prodparam)
            lbcmd.Parameters.Add(priceparam)
            'Open the connection
            lbconn.Open()
            Using lbreader As OleDbDataReader = lbcmd.ExecuteReader()
                While lbreader.Read
                    txtproductid.Text = lbreader.GetInt32("productid").ToString()
                    txtproduct.Text = lbreader.GetString("product")
                    txtprice.Text = lbreader.GetInt32("price").ToString()
                End While
            End Using
        End Using
    End Using
End Sub
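Answer 0: (score: 0)
You should not use string concatenation to create the SQL query like you do here. This opens you up to SQL injection attacks. Instead, you should use parameterized queries.
Try something like this (untested):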
Using lbconn As New OleDb.OleDbConnection("PROVIDER=Microsoft.ACE.Oledb.12.0; Data Source = C:\Users\USER PC\Desktop\orderDB1.accdb")
    Using lbcmd As New OleDb.OleDbCommand("SELECT productid, product, price FROM productlog WHERE productid = ? AND product = ? AND price = ?", lbconn)
        'Set your values here. The parameters must be added in the same order that they
        'appear in the sql SELECT command
        lbcmd.Parameters.Add("productid", OleDb.OleDbType.Integer).Value = 1234
        lbcmd.Parameters.Add("product", OleDb.OleDbType.VarChar).Value = "value of product"
        lbcmd.Parameters.Add("price", OleDb.OleDbType.Integer).Value = 999
        'Open the connection
        lbconn.Open()
        Using lbreader As OleDbDataReader = lbcmd.ExecuteReader()
            While lbreader.Read
                'GetInt32/GetString take a column ordinal, so resolve each name with GetOrdinal
                txtproductid.Text = lbreader.GetInt32(lbreader.GetOrdinal("productid")).ToString()
                txtproduct.Text = lbreader.GetString(lbreader.GetOrdinal("product"))
                txtprice.Text = lbreader.GetInt32(lbreader.GetOrdinal("price")).ToString()
            End While
        End Using
    End Using
End Using
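Since your code uses OleDbConnection, you cannot use named parameters. Note the question marks in the SELECT statement, which serve as placeholders for the values.
Note that when using OleDb, you must add the parameters in the same order in which they appear in the SQL query.
The Using ... End Using statements ensure that the connection, command and data reader are disposed of properly.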
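An added example, not part of the question or the answer above: the lookup the question describes, written with a single typed positional parameter. It assumes the list box holds values of the `product` column; the module, the helpers `BuildLookupCommand` and `LookupProduct`, and the database path are hypothetical.

```vbnet
Imports System
Imports System.Data.OleDb

Module ProductLookupExample
    ' Assumed connection string for illustration; point Data Source at your own .accdb file.
    Private Const ConnString As String =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\path\to\orderDB1.accdb"

    ' Hypothetical helper: the SQL text is constant, and the selected name is bound
    ' to the single ? placeholder as typed data instead of being spliced into the string.
    Function BuildLookupCommand(conn As OleDbConnection, productName As String) As OleDbCommand
        Dim cmd As New OleDbCommand(
            "SELECT productid, product, price FROM productlog WHERE product = ?", conn)
        ' OleDb binds by position; the name "product" is only a label for readers.
        cmd.Parameters.Add("product", OleDbType.VarWChar, 255).Value = productName
        Return cmd
    End Function

    ' Hypothetical helper: returns the first matching row as text, or Nothing if no row matches.
    Function LookupProduct(productName As String) As String()
        Using conn As New OleDbConnection(ConnString)
            Using cmd As OleDbCommand = BuildLookupCommand(conn, productName)
                conn.Open()
                Using reader As OleDbDataReader = cmd.ExecuteReader()
                    If Not reader.Read() Then Return Nothing
                    ' GetValue plus Convert avoids assuming whether price is Number or Currency.
                    Return {
                        Convert.ToString(reader.GetValue(reader.GetOrdinal("productid"))),
                        Convert.ToString(reader.GetValue(reader.GetOrdinal("product"))),
                        Convert.ToString(reader.GetValue(reader.GetOrdinal("price")))
                    }
                End Using
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed input containing quote characters; no database is opened here.
        Using conn As New OleDbConnection()
            Using cmd As OleDbCommand = BuildLookupCommand(conn, "O'Brien's tea")
                Console.WriteLine(cmd.CommandText)              ' same SQL text for any input
                Console.WriteLine(cmd.Parameters(0).OleDbType)  ' declared type of the bound value
                Console.WriteLine(cmd.Parameters(0).Value)      ' name travels as data, quotes intact
            End Using
        End Using
    End Sub
End Module
```

In the form, the event handler would call `LookupProduct(listboxitems.Text)` and copy the three returned strings into the text boxes when the result is not Nothing.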