Need to search in a database while the criteria is a date field


Problem description

Hi All,

Please, I need your urgent help in solving the problem below.

I'm trying to fill a DataGridView with an Access table, but with the selected data holding the multiple criteria below; the problem is that it didn't give results correctly, as an error message appeared.

The code below needs to be solved, please.

P.S.: If I remove the date section the query gets executed correctly, but I need the date criteria urgently, please.

Private Sub Supplier_Query()
        Dim Yesterday As DateTime = DateTime.Today.AddDays(-1)
        cnnOLEDB.ConnectionString = strConnectionString
        cnnOLEDB.Open()
        'Dim strUpdate As String
        Try
            Dim sqlQRY As String
            ' The query text is built by concatenating the text box value and the date
            sqlQRY = "Select * From Customers WHERE SupplierName = '" & SuppNameVariable.Text & "' AND SupplierFeedbackDate = '.... / .... / .....' AND DateAdded <'" & CDate(Yesterday) & "'"
            Dim da As OleDbDataAdapter
            Dim ds As DataSet = New DataSet
            da = New OleDbDataAdapter(sqlQRY, cnnOLEDB)
            Dim cb As OleDbCommandBuilder = New OleDbCommandBuilder(da)
            ' Load the matching rows and bind them to the grid
            da.Fill(ds, "Customers")
            Alerting_Escalation_Tool.DataGridViewCustomer.DataSource = ds
            Alerting_Escalation_Tool.DataGridViewCustomer.DataMember = "Customers"
        Catch ex As OleDbException
            MsgBox(ex.ToString)
        End Try
        cnnOLEDB.Close()
End Sub

Recommended answer

Your approach is wrong from the very beginning. The query is composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is a way more important issue: it opens the doors to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

—SA


This is how I fixed it..

And by the way, the field DateAdded holds Date type in the database design.

sqlQRY = "Select * From Customers WHERE SupplierName = '" & SuppNameVariable.Text & "' AND SupplierFeedbackDate = '.... / .... / .....' AND DateAdded < #" + Yesterday + "#"

Thanks guys
Regards
Bassam
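
The parameterized statement recommended in the answer, applied to the query from the question and its date criterion, as an added example that is not part of the original thread. The module and function names and the 255-character parameter size are assumptions; the table and column names come from the question.

```vbnet
Imports System
Imports System.Data
Imports System.Data.OleDb

Module SupplierQueryExample
    ' The SQL text is constant. OleDb binds "?" markers by position, not by name.
    Private Const Sql As String =
        "SELECT * FROM Customers WHERE SupplierName = ? " &
        "AND SupplierFeedbackDate = '.... / .... / .....' AND DateAdded < ?"

    ' Builds the command; the user text and the date travel as typed parameter values.
    Function BuildSupplierCommand(supplierName As String, cutoff As DateTime) As OleDbCommand
        Dim cmd As New OleDbCommand(Sql)
        ' Parameters must be added in the same order as the "?" markers.
        cmd.Parameters.Add("@SupplierName", OleDbType.VarWChar, 255).Value = supplierName
        ' OleDbType.Date sends a real date value: no quotes, no "#" delimiters,
        ' no locale-dependent date-to-string formatting.
        cmd.Parameters.Add("@DateAdded", OleDbType.Date).Value = cutoff
        Return cmd
    End Function

    ' Runs the query and returns the rows; assign the result to the grid's DataSource.
    Function LoadCustomers(connectionString As String, supplierName As String) As DataTable
        Dim table As New DataTable("Customers")
        Using cnn As New OleDbConnection(connectionString)
            Using cmd As OleDbCommand = BuildSupplierCommand(supplierName, DateTime.Today.AddDays(-1))
                cmd.Connection = cnn
                Using da As New OleDbDataAdapter(cmd)
                    da.Fill(table) ' Fill opens and closes the connection itself
                End Using
            End Using
        End Using
        Return table
    End Function

    Sub Main()
        ' Constructed input: the apostrophe would break the concatenated query,
        ' but here it stays a value and the SQL text never changes.
        Dim cmd As OleDbCommand = BuildSupplierCommand("O'Brien Supplies", DateTime.Today.AddDays(-1))
        Console.WriteLine(cmd.CommandText)
        For Each p As OleDbParameter In cmd.Parameters
            Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.OleDbType, p.Value)
        Next
    End Sub
End Module
```

`Main` only builds and prints the command, so it runs without a database; `LoadCustomers` needs a valid Access connection string.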

