Operator '&' is not defined for string


Problem description

Dim conns As New SqlConnection("Data Source=DESKTOP-IJRIL1\SQLEXPRESS;Initial Catalog=Sample_AES;Integrated Security=True")
Dim SubAD As new SqlDataAdapter("Select SubID, Subject From Subjects Where SubID = " & cbSubID.SelectedValue & "", conns)
Dim subtable As New DataTable

SubAD.Fill(subtable)

txtSubject.Text = subtable(0)(1)






What I have tried:

Where SubID = " & cbSubID.SelectedItem.ToString & "", conns)





There is still an error. Any suggestions?

Recommended answer

First you don't need the ending & "" garbage. I see that all the time with newbs and it's completely useless.

On your problem line, you start a string literal with a " and then you try to add a variable value to it without first closing the literal.

Next, DO NOT USE string concatenation to build an SQL query. ALWAYS use parameterized queries. See DataAdapter Parameters | Microsoft Docs for how to do it.

Then go see Google: sql injection attack for why.
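
The query from the question in parameterized form, as an added example that is not part of the original answer. It assumes SubID is an integer column; `GetSubject` and the module name are hypothetical, while the connection string, table, columns and control names are the ones from the question.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module SubjectLookup

    ' Connection string copied from the question.
    Private Const ConnString As String =
        "Data Source=DESKTOP-IJRIL1\SQLEXPRESS;Initial Catalog=Sample_AES;Integrated Security=True"

    ' Returns the Subject for the given SubID, or Nothing when no row matches.
    ' Assumption: SubID is an INT column; use the matching SqlDbType otherwise.
    ' Hypothetical call site in the form:
    '     txtSubject.Text = GetSubject(cbSubID.SelectedValue)
    Public Function GetSubject(selectedValue As Object) As String
        Dim subId As Integer

        ' SelectedValue is an Object and may be Nothing or a non-numeric item;
        ' reject it here instead of letting it reach the SQL text.
        If selectedValue Is Nothing OrElse
           Not Integer.TryParse(selectedValue.ToString(), subId) Then
            Return Nothing
        End If

        Using conn As New SqlConnection(ConnString)
            Using adapter As New SqlDataAdapter(
                "SELECT SubID, Subject FROM Subjects WHERE SubID = @SubID", conn)

                ' The value travels as a typed parameter, never as query text.
                adapter.SelectCommand.Parameters.Add("@SubID", SqlDbType.Int).Value = subId

                Dim subtable As New DataTable()
                adapter.Fill(subtable) ' Fill opens and closes the connection itself.

                ' Guard against an empty result before indexing the first row.
                If subtable.Rows.Count = 0 Then Return Nothing
                Return subtable.Rows(0)("Subject").ToString()
            End Using
        End Using
    End Function

End Module
```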

