Access Database error: "No value given for one or more required parameters."
Problem description
I have a DataGridView. In this DGV the first column is a combobox column. I want the next field to be filled automatically from the database when this combobox value is selected. But it shows an error:
"No value given for one or more required parameters" on OleDbDataReader dr1 = cmd1.ExecuteReader();
I am posting the code. Please help me.
OleDbConnection con = new OleDbConnection(conn);
con.Open();
for (int i = 0; i < dgv.Rows.Count; i++)
{
    string query = "select Description from General where AccCode='" +
                   dgv.Rows[i].Cells[0].Value +
                   "' and conpanyID='" +
                   label1.Text + "'";
    OleDbCommand cmd1 = new OleDbCommand(query, con);
    //OleDbDataAdapter daBranchName = new OleDbDataAdapter(cmd);
    OleDbDataReader dr1 = cmd1.ExecuteReader();
    while (dr1.Read())
    {
        dgv.Rows[i].Cells[1].Value = dr1["Description"].ToString();
    }
}
con.Close();
This kind of string concatenation is open to SQL injection attacks.
Use parameterized queries instead.
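string query = "select [Description] from [General] where AccCode= ? and conpanyID= ?";
OleDbCommand cmd1 = new OleDbCommand(query, con);
// OLE DB binds the ? placeholders by position, not by name,
// so the parameters must be added in the order they appear in the query.
cmd1.Parameters.AddWithValue("@acc", dgv.Rows[i].Cells[0].Value);
cmd1.Parameters.AddWithValue("@ID", label1.Text);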
As HansUp pointed out, Description and General are reserved keywords. Use them with square brackets, like [Description] and [General].