我的delete命令可以执行,但数据无法删除? [英] My deletecommand can execute, but the data can't be deleted?
本文介绍了我的delete命令可以执行,但数据无法删除?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有问题我不知道我的代码有什么问题。代码可以执行,但我的数据无法删除。
这里我的代码:
我尝试过:
I have problem at "I don't know what's wrong with my code. The code can be executed, but my data can't be deleted.
Here my code:
What I have tried:
private void DeleteCmd(object sender, EventArgs e)
{
conn = new SqlConnection("Server=TA;Data Source=TA; Database=dbSaham;Integrated Security=SSPI");
conn.Open();
string sql = "";
ds = new DataSet();
da = new SqlDataAdapter();
DialogResult hsl = MessageBox.Show("Anda Yakin ?", "Hapus", MessageBoxButtons.YesNo, MessageBoxIcon.Question, MessageBoxDefaultButton.Button2);
if (hsl == DialogResult.Yes)
{
sql = String.Concat("Delete From UNICJK Where Date = '", dateTimePicker4.Value.Date.ToString(), "'");
}
da.DeleteCommand = new SqlCommand(sql, conn);
string pesan = String.Concat(da.DeleteCommand.ExecuteNonQuery(), " Record berhasil dihapus");
MessageBox.Show(pesan, "Info Hapus");
dgvSaham.Visible = true;
SqlCommand cmd2 = new SqlCommand("Select * From UNICJK", conn);
da.SelectCommand = cmd2;
da.Fill(ds, "UNICJK");
dgvSaham.DataSource = ds.Tables["UNICJK"];
}
推荐答案
您的日期列可能是类型DATETIME。然后使用dateTimePicker4.Value.Date.ToString()传递仅限日期的字符串时,将扩展为DATETIME时间部分设置为00:00:00,只有那些记录匹配那个时间。
你必须指定你只想比较日期部分:
YourDatecolumn has probably the typeDATETIME. When then passing a date only string usingdateTimePicker4.Value.Date.ToString(), that will be extended to aDATETIMEwith the time portion set to 00:00:00 and only those records match that have that time.
You have to specify that you only want to compare the date portion:
sql = String.Concat("DELETE FROM UNICJK WHERE CAST(Date AS DATE) = '", dateTimePicker4.Value.Date.ToString(), "'");
在你的情况下,使用一个更好的参数化命令,以避免传递格式为字符串的日期:
In your case it would be even better to use a parameterised command to avoid passing dates formatted as strings:
da.DeleteCommand = new SqlCommand("DELETE FROM UNICJK WHERE CAST(Date AS DATE) = CAST(@PickerDate AS DATE)", conn);
da.DeleteCommand.Parameters.AddWithValue("@PickerDate", dateTimePicker4.Value)
永远不要通过与用户输入连接来构建SQL查询,它被命名为SQL注入,它对您的数据库很危险并且容易出错。
名称中的单引号和程序崩溃。如果像Brian O'Conner这样的用户输入可能会使您的应用程序崩溃,那么这是一个SQL注入漏洞。
SQL注入 - 维基百科 [ ^ ]
SQL注入 [ ^ ]
当你不明白你的代码做了什么或者它为什么会这样做,答案是调试器。
使用调试器来查看你的代码在做什么。只需设置断点并查看代码执行情况,调试器允许您逐行执行第1行并在执行时检查变量,这是一个令人难以置信的学习工具。
调试器 - 维基百科,免费的百科全书 [ ^ ]
掌握Visual Studio 2010中的调试 - 初学者指南 [ ^ ]
使用Visual Studio 2010进行基本调试 - YouTube [ ^ ]
调试器在这里向您展示您的代码在做什么你的任务是与它应该做的事情进行比较。
调试器中没有魔法,它没有发现错误,它只是帮助你。当代码没有达到预期的效果时,你就会接近一个错误。
Never build an SQL query by concatenating with user inputs, it is named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability.
SQL injection - Wikipedia[^]
SQL Injection[^]
When you don't understand what your code is doing or why it does what it does, the answer is debugger.
Use the debugger to see what your code is doing. Just set a breakpoint and see your code performing, the debugger allow you to execute lines 1 by 1 and to inspect variables as it execute, it is an incredible learning tool.
Debugger - Wikipedia, the free encyclopedia[^]
Mastering Debugging in Visual Studio 2010 - A Beginner's Guide[^]
Basic Debugging with Visual Studio 2010 - YouTube[^]
The debugger is here to show you what your code is doing and your task is to compare with what it should do.
There is no magic in the debugger, it don't find bugs, it just help you to. When the code don't do what is expected, you are close to a bug.
这篇关于我的delete命令可以执行,但数据无法删除?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
