I am facing an issue in database but I don't know why


Problem description

Hello guys, I am facing a little issue: I got an error "No value given for one or more required parameters."

What I have tried:

DataSet dsa = new DataSet();
DataTable dt = new DataTable();
dsa.Tables.Add(dt);
OleDbDataAdapter da = new OleDbDataAdapter();
da = new OleDbDataAdapter("SELECT [Flavours],COUNT(Flavours)As[asdf] From [Total] Where [Dates] >= #" + dateTimePicker1.Value.ToString("dd/MM/yyyy") + "# AND [Dates] <= #" + dateTimePicker2.Value.ToString("dd/MM/yyyy") + "# Group By [Flavours]", VCON);
da.Fill(dt);
dataGridView1.DataSource = dt;
VCON.Close();

Recommended answer

Stop using string concatenation to pass values - use a parameterised query instead:
OleDbDataAdapter da = new OleDbDataAdapter();
da = new OleDbDataAdapter("SELECT [Flavours],COUNT(Flavours)As[asdf] From [Total] Where [Dates] BETWEEN ? AND  ? Group By [Flavours]", VCON);
da.SelectCommand.Parameters.AddWithValue("?", dateTimePicker1.Value);
da.SelectCommand.Parameters.AddWithValue("?", dateTimePicker2.Value);
da.Fill(dt);



If you are habitually using string concatenation, then be aware that your database is at risk for SQL Injection, where a user can destroy it just by typing in text boxes: xkcd: Exploits of a Mom
Always use parameterised queries.
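
The difference between the two query styles, as an added example that is not part of the original answers: it uses Python's sqlite3 with a constructed in-memory table as a stand-in for the Access database (an assumption), since sqlite3 also binds `?` placeholders by position. The function names, sample rows and the crafted input are made up for illustration.

```python
import sqlite3
from datetime import date

# Constructed sample rows standing in for the page's [Total] table.
ROWS = [("Vanilla", "2024-01-05"), ("Vanilla", "2024-01-20"),
        ("Mango", "2024-01-10"), ("Mango", "2024-03-01"),
        ("Choco", "2024-06-15")]

def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Total (Flavours TEXT, Dates TEXT)")
    con.executemany("INSERT INTO Total VALUES (?, ?)", ROWS)
    return con

def counts_concatenated(con, start, end):
    # Weak form: the caller's text becomes part of the SQL statement.
    sql = ("SELECT Flavours, COUNT(Flavours) FROM Total "
           "WHERE Dates >= '" + start + "' AND Dates <= '" + end + "' "
           "GROUP BY Flavours ORDER BY Flavours")
    return con.execute(sql).fetchall()

def counts_parameterised(con, start: date, end: date):
    # Hardened form: typed values bound to '?' placeholders by position.
    sql = ("SELECT Flavours, COUNT(Flavours) FROM Total "
           "WHERE Dates BETWEEN ? AND ? "
           "GROUP BY Flavours ORDER BY Flavours")
    return con.execute(sql, (start.isoformat(), end.isoformat())).fetchall()

def parse_date(text):
    # Rejects anything that is not a plain ISO date (raises ValueError).
    return date.fromisoformat(text)

if __name__ == "__main__":
    con = make_db()
    crafted = "2024-01-31' OR '1'='1"  # constructed text-box input
    print(counts_concatenated(con, "2024-01-01", "2024-01-31"))
    print(counts_concatenated(con, "2024-01-01", crafted))  # filter bypassed
    print(counts_parameterised(con, date(2024, 1, 1), date(2024, 1, 31)))
    try:
        parse_date(crafted)
    except ValueError as exc:
        print("rejected:", exc)
```

With the concatenated form the crafted end date returns every row regardless of the date range; the parameterised form only ever receives a typed date, which is what passing dateTimePicker1.Value achieves in the answer above.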




Hi,
Your string containing the query is not correct. Try passing values through parameters.


OleDbDataAdapter da = new OleDbDataAdapter();
// OleDb binds parameters by position, so add them in the order they appear in the query.
da = new OleDbDataAdapter("SELECT [Flavours],COUNT(Flavours)As[asdf] From [Total] Where [Dates] BETWEEN @Columnname1 AND @Columnname2 Group By [Flavours]", VCON);
da.SelectCommand.Parameters.AddWithValue("@Columnname1", dateTimePicker1.Value);
da.SelectCommand.Parameters.AddWithValue("@Columnname2", dateTimePicker2.Value);
da.Fill(dt);

Where @Columnname / @Parametername is the same as in the database.
Also, you can convert dateTimePicker1.Value to string or datetime as required on the database side.

