我收到错误,这是位置0没有行 [英] I am getting error this is no row at position 0
问题描述
大家正在研究ac#项目,在这个项目中,我想选择一些数据并在Datagridview中显示,但我的数据库中有数据,我有一个select的查询但是当我点击按钮这样我得到这个错误的类型这个位置0没有行请帮助我们我只需要尽快交付这个项目,
谢谢。
这里有截图 https:/ /imgur.com/PKvcgY9
https://imgur.com/aeq0weF
https://imgur.com/8AG3LZ4
我尝试过:
Hi Guys am working on a c# project and in this project, I want to select some data and show in Datagridview but I have data in my DB and I have a query of select but when I click the button so I get this type of error this no row at position 0 please help me guys I just need to deliver this project ASAP,
Thanks.
here are the screenshots https://imgur.com/PKvcgY9
https://imgur.com/aeq0weF
https://imgur.com/8AG3LZ4
What I have tried:
dataGridView4.Columns.Add("", "Leave Consumed");
dataGridView4.Columns.Add("", "Leave Allaowed");
dataGridView4.Columns.Add("", "Balance");
for (int i = 0; i < dataGridView4.Rows.Count; i++)
{
DataSet ds1211122 = new DataSet();
DataTable dt1211122 = new DataTable();
ds1211122.Tables.Add(dt1211122);
OleDbDataAdapter da1211122 = new OleDbDataAdapter();
da1211122 = new OleDbDataAdapter("SELECT Sum(USERID) FROM [CHECKINOUT] where [CHECKTYPE]= '" + "I" + "'AND [USERID] = " + dataGridView4.Rows[0].Cells[1].Value.ToString() + "AND [CHECKTIME] Between #" + dateTimePicker2.Value.ToString() + "# AND #" + dateTimePicker1.Value.ToString() + "# Group By [USERID];", VCON);
da1211122.Fill(dt1211122);
int num = 0;
num = Convert.ToInt32(dt1211122.Rows[0][0].ToString());
VCON.Close();
}
推荐答案
错误:位置0没有行
第0行是选择答案的第一条记录,当答案为空时会发生什么?
Row 0 os the first record of answer of select, what happen when answer is empty?
da1211122 = new OleDbDataAdapter("SELECT Sum(USERID) FROM [CHECKINOUT] where [CHECKTYPE]= '" + "I" + "'AND [USERID] = " + dataGridView4.Rows[0].Cells[1].Value.ToString() + "AND [CHECKTIME] Between #" + dateTimePicker2.Value.ToString() + "# AND #" + dateTimePicker1.Value.ToString() + "# Group By [USERID];", VCON);
永远不要通过连接字符串来构建SQL查询。迟早,您将使用用户输入来执行此操作,这会打开一个名为SQL注入的漏洞,这对您的数据库很容易并且容易出错。
名称中的单引号你的程序崩溃。如果用户输入像Brian O'Conner这样的名称可能会使您的应用程序崩溃,那么这是一个SQL注入漏洞,崩溃是最少的问题,恶意用户输入,并且它被提升为具有所有凭据的SQL命令。
SQL注入 - 维基百科 [ ^ ]
SQL注入 [ ^ ]
按示例进行SQL注入攻击 [ ^ ]
PHP:SQL注入 - 手册 [ ^ ]
SQL注入预防备忘单 - OWASP [ ^ ]
我该怎么办?解释没有技术术语的SQL注入? - 信息安全堆栈交换 [ ^ ]
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]
这篇关于我收到错误,这是位置0没有行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!