我的代码有什么问题,我认为选择查询是错误的:
我有一个textbox1,textbox2和textbox3
当我在textbox1中键入employee id并在textbox2中键入Email时,然后在textbox3中根据员工ID和数据库中的电子邮件检索密码...
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
'Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT Password FROM a1_admins WHERE EmployeeId" = TextBox1.Text And "Email" = TextBox2.Text, SQLData)
Dim SQLData As New System.Data.SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True")
Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT Password FROM a1_admins WHERE EmployeeId =" & TextBox1.Text & "And" & "Email" = TextBox2.Text, SQLData)
SQLData.Open()
Dim dtrReader As System.Data.SqlClient.SqlDataReader = cmdSelect.ExecuteReader()
If dtrReader.HasRows Then
While dtrReader.Read()
TextBox3.Text = dtrReader("Password")
End While
Else
TextBox3.Text = ("No customer found for the supplied ID.")
End If
dtrReader.Close()
SQLData.Close()
End Sub
答案 0 :(得分:2)
答案 1 :(得分:1)
您没有在值周围添加引号,也没有添加任何额外的空格。
您的查询确实应该包含以下参数:
SELECT Password FROM a1_admins WHERE EmployeeId = @employeeID And Email = @email
答案 2 :(得分:0)
如果您发布了实际的错误消息,那将非常有用。
但是,我认为您的SQL查询缺少一些空格。它应该是:
Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT Password FROM a1_admins WHERE EmployeeId = " & TextBox1.Text & " And " & "Email = '" & TextBox2.Text & "'", SQLData)
修改
正如其他答案所指出的那样,你应该使用参数。我提供了MSDN article on using Parameters with the SQLCommand类
的链接答案 3 :(得分:0)
试试这个(注意引号) - 假设EmloyeeId是一个int而Email是某种varchar
Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT Password FROM a1_admins WHERE EmployeeId =" & TextBox1.Text & " And Email = '" & TextBox2.Text & "'", SQLData)