Plz give me a solution of this que.


Problem description



How to retrieve all messages from an OLEDB database on an ASP page,
in the format where the left side is the sender's message and the right side is the receiver's message.

What I have tried:

Dim cmd As New OleDbCommand("select count(*) from message where sender='" & textbox1 & "'", con)
n = cmd.ExecuteScalar()
If n > 0 Then
    cmd = New OleDbCommand("select msg from message where sender='" & textbox1 & "'", con)
    label1.Text = cmd.ExecuteScalar()
End If

Solution

Ignoring that that won't work, because a Textbox is not the same as the content, start by never doing it like that!
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attacks, which can destroy your entire database. Use Parametrized queries instead.
For example:

Dim cmd As New OleDbCommand("SELECT COUNT(*) FROM message WHERE sender = @SNDR", con)
cmd.Parameters.AddWithValue("@SNDR", textbox1.Text)
n = cmd.ExecuteScalar()


Fixing that may solve your problem as well, but concatenating strings to do this is very dangerous, particularly in a web application, where anyone could delete your database from the other side of the world just by typing in your text box!


First, don't be so rude. And use a proper title for your question.

The most important thing you need to learn about data access is how to use parameters. Never concatenate user values into an SQL statement.
Next, getting the count of records is a pointless waste of time.
Finally, if you expect to receive many records, use ExecuteReader, not ExecuteScalar.

I assume you are using Access as a database. Using parameters with Access, and some other databases, is not as easy as with SQL Server and some others, but it can be done if you're careful.

My VB-fu is weak, but this should be enough to get you going:

Imports System.Data.OleDb

Dim cmd As New OleDbCommand("select msg from message where sender=@sendername", con)
Dim prm As OleDbParameter = cmd.CreateParameter()
prm.ParameterName = "sendername"
prm.Value = textbox1.Text   ' the control's text, not the control itself
cmd.Parameters.Add(prm)
Dim rdr As OleDbDataReader = cmd.ExecuteReader()
While rdr.Read()
    ' do stuff with the data values
End While
rdr.Close()
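Pulling both answers together, here is a complete, added VB.NET example (not code from either reply, nor from the original poster) that reads the whole conversation between two users with a parameterised OleDbCommand and an OleDbDataReader, and tags each row "left" or "right" for the layout the question asks for. It assumes an Access table named message with columns sender, receiver and msg (the thread only names message, sender and msg; receiver and the ACE provider connection string are assumptions), and it uses positional ? placeholders because the OLE DB .NET provider binds parameters by position rather than by name.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data.OleDb

' Added example (not code from the original thread). Assumptions:
'  - an Access table "message" with columns sender, receiver and msg
'    ("message", "sender" and "msg" come from the thread; "receiver" is assumed)
'  - the ACE OLE DB provider; the connection string is a placeholder
Public Class ConversationRow
    Public Property Sender As String
    Public Property Receiver As String
    Public Property Text As String
    ' "left" for messages the current user sent, "right" for messages received
    Public Property Side As String
End Class

Public Module MessageRepository

    Private Const ConnectionString As String =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\path\to\messages.accdb"

    ' Returns every message exchanged between currentUser and otherUser.
    ' The user names travel as parameters, never inside the SQL text, so a
    ' value such as  x' OR '1'='1  is compared literally against the sender
    ' column instead of rewriting the query.
    Public Function GetConversation(currentUser As String, otherUser As String) As List(Of ConversationRow)
        Dim rows As New List(Of ConversationRow)()

        ' OLE DB binds parameters by position: "?" placeholders in the SQL,
        ' and the parameters are added below in exactly the same order.
        Const sql As String =
            "SELECT sender, receiver, msg FROM message " &
            "WHERE (sender = ? AND receiver = ?) OR (sender = ? AND receiver = ?)"

        Using con As New OleDbConnection(ConnectionString)
            Using cmd As New OleDbCommand(sql, con)
                cmd.Parameters.Add("@p1", OleDbType.VarWChar).Value = currentUser
                cmd.Parameters.Add("@p2", OleDbType.VarWChar).Value = otherUser
                cmd.Parameters.Add("@p3", OleDbType.VarWChar).Value = otherUser
                cmd.Parameters.Add("@p4", OleDbType.VarWChar).Value = currentUser

                con.Open()
                ' ExecuteReader, not ExecuteScalar: ExecuteScalar returns only the
                ' first column of the first row, which is why the original code
                ' could never show more than one message.
                Using rdr As OleDbDataReader = cmd.ExecuteReader()
                    While rdr.Read()
                        Dim row As New ConversationRow With {
                            .Sender = rdr.GetString(0),
                            .Receiver = rdr.GetString(1),
                            .Text = If(rdr.IsDBNull(2), "", rdr.GetString(2))
                        }
                        row.Side = If(String.Equals(row.Sender, currentUser, StringComparison.OrdinalIgnoreCase),
                                      "left", "right")
                        rows.Add(row)
                    End While
                End Using
            End Using
        End Using

        Return rows
    End Function
End Module
```

From Page_Load you would call GetConversation with the logged-in user's name and the other party's name and bind the resulting list to a Repeater or similar control, rendering each row on its Side. Note that the table as described in the question has no timestamp column, so the rows come back in storage order; adding a sent-time column and an ORDER BY on it is the obvious next step. The count query from the original code is dropped entirely: an empty list already tells you there were no rows, without a second round trip.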

