Oledbexception未得到处理 [英] Oledbexception was unhandled

问题描述

If Me.DataGridView5.Rows.Count > 0 Then
           If Me.DataGridView5.SelectedRows.Count > 0 Then
               Dim intStdID As String = Me.DataGridView5.SelectedRows(0).Cells(0).Value
               'open connection
               If DataGridView5.Rows.Count = 0 AndAlso DataGridView5.SelectedCells.Count = 0 Then
                   MsgBox("Please select an Account to disable", MsgBoxStyle.Exclamation)
                   Exit Sub
               End If
               If Not cnn.State = ConnectionState.Open Then
                   cnn.Open()
               End If
               'delete data
               Dim cmd As New OleDb.OleDbCommand
               cmd.Connection = cnn
               cmd.CommandText = "DELETE FROM AccAdmin WHERE Username=" & intStdID
               cmd.ExecuteNonQuery()
               'refresh data
               Me.RefreshData()

               'close connection
               cnn.Close()
           End If
       End If

我尝试了什么：



我遇到的问题是没有给出一个或多个必需参数的值

What I have tried:

I'm getting a problem no value given for one or more required parameters

推荐答案

intStdID是一个字符串，您可以从DataGridView中读取它 - 因此它可以包含 任何 。 br />
当您连接字符串以形成SQL查询时，您正在做两件事：

1）给自己一个潜在的p源像这样的问题。

更重要的是

2）让你自己接受SQL注入攻击，这可能会破坏你的数据库。



要解决此问题，请始终使用参数化查询。如果你不这样做，请定期备份你的dB - 我建议每分钟左右 - 因为它不是如果你的数据库会被损坏，它是何时

intStdID is a string, which you read from your DataGridView - hence it could contain anything.
When you concatenate strings to form SQL queries, you are doing two things:
1) giving yourself a source of potential problems like this one.
And much more importantly
2) leaving yourself open to SQL Injection attacks, which can damage of destroy your database.

To solve this, use parameterized queries at all times. If you don't, take backups of your dB at regular intervals - I'd suggest every minute or so - because it's not "if" your DB will be damaged, it's "when"

这篇关于Oledbexception未得到处理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！