How to show data between two dates..please help me
Problem description
How to show data in listview1 between two dates. Showing Some ERROR
Please help me...........
Error
https://ibb.co/hOOgPa
Listview
https://ibb.co/gyjo4a
Database
https://ibb.co/eTJ4cv
What I have tried:
Public Sub Displayitemrpt()
If cn.State = ConnectionState.Open Then
cn.Close()
End If
cn.Open()
Dim cmd As New OleDb.OleDbCommand("SELECT * FROM pur_inv,inv_type, party_ldg WHERE pur_inv.partyID=party_ldg.partyID and pur_inv.invtypid=inv_type.invtypid and purinvdt BETWEEN '" & txtdtf.Text & " And " & txtdtt.Text & "' ORDER BY purinvdt ", cn)
Dim dr As OleDb.OleDbDataReader = cmd.ExecuteReader()
ListView1.Items.Clear()
Do While dr.Read()
Dim new_item As New _
ListViewItem(dr.Item("purinvdt").ToString)
new_item.SubItems.Add(dr.Item("purinvid").ToString)
new_item.SubItems.Add(dr.Item("invno").ToString)
new_item.SubItems.Add(dr.Item("invdt").ToString)
new_item.SubItems.Add(dr.Item("prtynm").ToString)
new_item.SubItems.Add(dr.Item("invtyp").ToString)
new_item.SubItems.Add(dr.Item("taxamt").ToString)
new_item.SubItems.Add(dr.Item("tottaxblamt").ToString)
new_item.SubItems.Add(dr.Item("invamt").ToString)
ListView1.Items.Add(new_item)
Loop
cn.Close()
End Sub
Two things:
1) Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
2) Never trust user input: parse your dates into DateTime values (reporting problems to the user) and pass the DateTime values to SQL
Dim dtFrom As DateTime
If Not DateTime.TryParse(txtdtf.Text, dtFrom) Then
    ' Report problem
    ...
    Return
End If
Dim dtTo As DateTime
If Not DateTime.TryParse(txtdtt.Text, dtTo) Then
    ' Report problem
    ...
    Return
End If
Dim cmd As New OleDb.OleDbCommand("SELECT * FROM pur_inv,inv_type, party_ldg WHERE pur_inv.partyID=party_ldg.partyID AND pur_inv.invtypid=inv_type.invtypid AND purinvdt BETWEEN @DF AND @DT ORDER BY purinvdt", cn)
cmd.Parameters.AddWithValue("@DF", dtFrom)
cmd.Parameters.AddWithValue("@DT", dtTo)
...
Never build queries in strings! This mistake is common AND it leaves you open to SQL Injection! This is a bad thing.
First off, this is your mistake:
"'" & txtdtf.Text & " And " & txtdtt.Text & "'"
This evaluates to "'mytest And myother'"
See, you missed some "'"'s
Use parameters instead. This kind of issue wouldn't occur!
OleDbCommand.Parameters Property
Here's a note on SQL Injection:
SQL Injection
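The approach both answers recommend, carried through to a complete routine as an added example (not code from the original posters). It uses positional ? placeholders because the OleDb provider binds parameters by order rather than by name; the module name PurchaseReport, the function LoadInvoices and its connStr argument are assumptions, while the table and column names come from the question.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Data.OleDb

Module PurchaseReport ' hypothetical module name
    ' Columns the question copies into ListView1, in display order.
    Private ReadOnly Columns As String() = {"purinvdt", "purinvid", "invno", "invdt",
        "prtynm", "invtyp", "taxamt", "tottaxblamt", "invamt"}

    ' OleDb binds parameters by position, so the placeholders are "?" and the
    ' Parameters.Add calls below must follow the same order.
    Private Const Sql As String =
        "SELECT * FROM pur_inv, inv_type, party_ldg " &
        "WHERE pur_inv.partyID = party_ldg.partyID " &
        "AND pur_inv.invtypid = inv_type.invtypid " &
        "AND purinvdt BETWEEN ? AND ? ORDER BY purinvdt"

    ' Returns Nothing when either text box value is not a valid date, so the
    ' caller can report the problem; otherwise one String() per matching row.
    Function LoadInvoices(connStr As String, fromText As String,
                          toText As String) As List(Of String())
        Dim dtFrom, dtTo As Date
        If Not Date.TryParse(fromText, dtFrom) OrElse
           Not Date.TryParse(toText, dtTo) Then
            Return Nothing
        End If
        If dtFrom > dtTo Then ' accept the two dates in either order
            Dim tmp As Date = dtFrom : dtFrom = dtTo : dtTo = tmp
        End If

        Dim rows As New List(Of String())
        Using cn As New OleDbConnection(connStr)
            Using cmd As New OleDbCommand(Sql, cn)
                ' Typed parameters: the text never becomes part of the SQL.
                cmd.Parameters.Add("@DF", OleDbType.Date).Value = dtFrom
                cmd.Parameters.Add("@DT", OleDbType.Date).Value = dtTo
                cn.Open()
                Using dr As OleDbDataReader = cmd.ExecuteReader()
                    While dr.Read()
                        rows.Add(Array.ConvertAll(Columns,
                            Function(c) dr(c).ToString()))
                    End While
                End Using
            End Using
        End Using
        Return rows
    End Function
End Module
```

The form would call LoadInvoices with txtdtf.Text and txtdtt.Text, report a problem when it returns Nothing, and otherwise add each row with ListView1.Items.Add(New ListViewItem(row)).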