如何修复此代码以从数据库中获取所有项目? [英] How to fix this code to bring all items from database ?
问题描述
Dim btnsender 作为按钮=发件人
< span class =code-keyword> Dim lbl As String = btnsender.Name
尝试
da = 新 SqlDataAdapter( 选择Item_id,Item_menu_description来自tbl_item,其中Item_Cat =& lbl& ,cn)
da.Fill(dt1)
keycount = -1
对于 每个 btn 作为按钮在 FlowLayoutPanel2.Controls()
keycount + = 1
btn.Text = dt1.Rows(keycount)( 1 )。ToString
' btn.Tag = dt1.Rows(keycount)(0).ToString
Next
Catch ex As 异常
最后
cn.Close()
da = Nothing
dt1.Clear()
结束 尝试
我尝试了什么:
我有5个按钮命名:btn1,btn2,btn3,btn4,btn5和我试图将所有Item_menu_description带到按钮
数据库中的表:Item_id,Item_menu_description,Item_Cat,btnName
Item_id | Item_menu_description | Item_Cat | btnName
--------------------------------------------- --------------
1键盘电脑btn3
2鼠标电脑btn1
3屏幕电脑btn4
我想要Item_menu_description与数据库中的按钮显示的名称相同,例如键盘出现在名为btn3的按钮上,鼠标出现在按钮上名为btn1
请帮我发现代码中的错误
非常感谢
有几种方法您可以解决这个问题,最简单的方法是订购结果
da = 新 SqlDataAdapter( 选择Item_id,Item_menu_description来自tbl_item,其中Item_Cat ='& lbl& '按btnName命令,cn)
如果你有超过9个按钮并使用btn1到btn10作为其名称 - 查询将通过文本值对结果进行排序,因此btn10将在结果集中的btn2之前出现。
另一种方法是执行以下操作;
' 编辑查询以包含btnName字段
da = 新 SqlDataAdapter( SELECT Item_id,Item_menu_description,btnName FROM tbl_item WHERE Item_Cat ='& lbl& ')
对于 每个 btn 作为按钮在 FlowLayoutPanel2中。 Controls()
Dim foundRows() AS DataRow
' 找到特定行
foundRows = dt1。选择( btnName ='& btn.Name& )
如果 foundRows.Length> 0 然后
btn.Text = dt1.Rows(keycount)( 1 )。ToString
' btn.Tag = dt1.Rows( keycount)(0).ToString
结束 如果
< span class =code-keyword>下一页
请花点时间欣赏社区高级成员的评论 - 他们正在努力帮助
亲切的问候
da = 新 SqlDataAdapter( 选择Item_id,Item_menu_description来自tbl_item,其中Item_Cat =& lbl& ,cn)
不是你问题的解决方案,而是你遇到的另一个问题。
永远不要通过连接字符串来构建SQL查询。迟早,您将使用用户输入来执行此操作,这会打开一个名为SQL注入的漏洞,这对您的数据库很容易并且容易出错。
名称中的单引号你的程序崩溃。如果用户输入像Brian O'Conner这样的名称可能会使您的应用程序崩溃,那么这是一个SQL注入漏洞,崩溃是最少的问题,恶意用户输入,并且它被提升为具有所有凭据的SQL命令。
SQL注入 - 维基百科 [ ^ ]
SQL注入 [ ^ ]
按示例进行SQL注入攻击 [ ^ ]
PHP:SQL注入 - 手册 [ ^ ]
SQL注入预防备忘单 - OWASP [ ^ ]
感谢上帝
问题解决了,感谢所有帮助我解决代码问题的人
感谢所有
< pre> dt1.Clear()
尝试
da = 新 SqlDataAdapter( SELECT Item_id,Item_menu_description,btnName FROM tbl_item WHERE Item_Cat ='& 1 & ',cn)
对于 每个 btn 作为按钮在 FlowLayoutPanel2.Controls()
Dim foundRows() As DataRow
da.Fill(dt1)
foundRows = dt1。选择( btnName ='& btn.Name& ')
如果 foundRows.Length> 0 然后
keycount + = 1
btn.Text = foundRows( 0 )。Item( Item_menu_description)。ToString
结束 如果
下一步
Catch ex As 例外
最后
cn.Close()
da = 没什么
dt1.Clear()
结束 尝试
Dim btnsender As Button = sender
Dim lbl As String = btnsender.Name
Try
da = New SqlDataAdapter("Select Item_id, Item_menu_description From tbl_item where Item_Cat = " & lbl & "", cn)
da.Fill(dt1)
keycount = -1
For Each btn As Button In FlowLayoutPanel2.Controls()
keycount += 1
btn.Text = dt1.Rows(keycount)(1).ToString
' btn.Tag = dt1.Rows(keycount)(0).ToString
Next
Catch ex As Exception
Finally
cn.Close()
da = Nothing
dt1.Clear()
End Try
What I have tried:
I have 5 buttons named : btn1,btn2,btn3,btn4,btn5 and i trying to bring all of the Item_menu_description to the buttons The table in database : Item_id,Item_menu_description,Item_Cat,btnName Item_id | Item_menu_description | Item_Cat | btnName ----------------------------------------------------------- 1 keyboard computer btn3 2 Mouse computer btn1 3 screens computer btn4 I want the Item_menu_description to appear on the same names as the buttons in the database, for example the 'keyboard' appears on the button Named 'btn3' and 'Mouse' appears on the button Named 'btn1' Please help me discover the error in the code Thank you so much
There is several ways you could fix this, the simplest is to order your results
da = New SqlDataAdapter("Select Item_id, Item_menu_description From tbl_item where Item_Cat = '" & lbl & "' order by btnName", cn)
You will run into issues if you have more than 9 buttons and use btn1 to btn10 as their names - the query will sort the results via the text value, hence btn10 would come before btn2 in the result set.
An alternative is to do as follows;
' Edit Query to include the btnName field da = New SqlDataAdapter("SELECT Item_id, Item_menu_description, btnName FROM tbl_item WHERE Item_Cat = '" & lbl & "'") For Each btn As Button In FlowLayoutPanel2.Controls() Dim foundRows() AS DataRow ' Locate the specific row foundRows = dt1.Select("btnName = '" & btn.Name & "'") If foundRows.Length > 0 Then btn.Text = dt1.Rows(keycount)(1).ToString ' btn.Tag = dt1.Rows(keycount)(0).ToString End If Next
Please take the time to appreciate comments by senior members of the community - they are trying to help
Kind Regards
da = New SqlDataAdapter("Select Item_id, Item_menu_description From tbl_item where Item_Cat = " & lbl & "", cn)
Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
Thank god Problem solved, thanks for everyone who helped me solve the code problem Thanks to all
<pre> dt1.Clear() Try da = New SqlDataAdapter("SELECT Item_id, Item_menu_description, btnName FROM tbl_item WHERE Item_Cat = '" & 1 & "'", cn) For Each btn As Button In FlowLayoutPanel2.Controls() Dim foundRows() As DataRow da.Fill(dt1) foundRows = dt1.Select("btnName = '" & btn.Name & "'") If foundRows.Length > 0 Then keycount += 1 btn.Text = foundRows(0).Item("Item_menu_description").ToString End If Next Catch ex As Exception Finally cn.Close() da = Nothing dt1.Clear() End Try
这篇关于如何修复此代码以从数据库中获取所有项目?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!