This always showing parameter is not valid..... why?
Problem description
Private Sub DgvList_CellContentClick(sender As Object, e As DataGridViewCellEventArgs) Handles DgvList.CellContentClick
    Cmd.Connection = Con
    'Dim BWriter As New IO.BinaryWriter(New IO.MemoryStream)
    Dim Img As String
    Img = DgvList.Rows(DgvList.CurrentRow.Index).Cells("DgvPID").Value.ToString
    Cmd.CommandText = "SELECT Photo FROM Hospital WHERE ID = '" & Img & "'"
    Dim Strm As New MemoryStream
    Dim imge As Byte() = DirectCast(Cmd.ExecuteScalar, Byte())
    Strm.Write(imge, 0, imge.Length)
    Dim BM As New Bitmap(Strm)
    PicPhoto.Image = BM
End Sub
Recommended answer
This is what happens when you add strings together... Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
And then see here: Why do I get a "Parameter is not valid." exception when I read an image from my database? - the code is C#, but it's pretty obvious.