必须先清除textBox_Bal1.Text [英] textBox_Bal1.Text must be cleared first

问题描述

textBox_Bal1.Text必须先清除，然后textBox_Bal1.Text将等于bal1。

这不会发生。

textBox_Bal1.Text must be cleared first before textBox_Bal1.Text will equal to bal1.
It won't happen.

private void comboBox_Supp1_SelectedIndexChanged(object sender, EventArgs e)
        {
            
            textBox_Bal1.Clear();

            if (comboBox_Supp1.Text == "")
            {
                textBox1.Clear();
            }
            else
            {
              
                if (Com.Connection.State == ConnectionState.Closed)
                {
                    Com.Connection.Open();                    
                }

                Com.CommandText = "SELECT ITEM_CODE FROM stock WHERE DESCRIPTIO = '" + comboBox_Supp1.Text + "'";
                reader = Com.ExecuteReader();
                while (reader.Read())
                {
                    textBox1.Text = reader["ITEM_CODE"].ToString();
                }
                reader.Close();

                Com.CommandText = "SELECT SUM(QTYIN-QTYOUT) AS BAL FROM stcktrn WHERE ITEM_CODE = '" + textBox1.Text + "' GROUP BY ITEM_CODE";
                readerx = Com.ExecuteReader();
                while (readerx.Read())
                {
                    b1 = readerx["BAL"].ToString();                    
                }
                readerx.Close();

                Com.CommandText = "SELECT SUM(QTYIN-QTYOUT) AS BAL FROM stcktrn1 WHERE ITEM_CODE = '" + textBox1.Text + "' AND PPE = 'P' GROUP BY ITEM_CODE";
                readerxx = Com.ExecuteReader();
                while (readerxx.Read())
                {
                    b2 = readerxx["BAL"].ToString();                   
                }
                readerxx.Close();                
                bal1 = Convert.ToDouble(b1) + Convert.ToDouble(b2);
                textBox_Bal1.Text = Convert.ToString(bal1);
                Com.Connection.Close();
            }
               
        }

推荐答案

而不是：

textBox_Bal1 .Clear（）;

简单地使用

textBox_Bal1.Text = String.Empty





另外，请阅读有关SQL注入攻击的内容。

如果我要在textBox1.Text中写下以下内容会发生什么：

'; DROP TABLE stcktrn1; -



或者更好的是在没有付款的情况下完成我自己的订单:)



使用存储过程，你可以从单个存储过程填充所有文本框（甚至可能从单个查询中填充）

Instead of:
textBox_Bal1.Clear();
use simply
textBox_Bal1.Text = String.Empty


Also, read about SQL Injection attacks.
Consider what would happen if I'm to write in your textBox1.Text the following:
'; DROP TABLE stcktrn1; --

Or better yet finish my own order without paying :)

Use stored procedures, you could have all the textboxes filled from single stored procedure (possibly even from single query)

请 - 请 - 为了您自己，特别是在网站上 - 不要连接字符串来构建一个SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。改为使用参数化查询。



除此之外（其中非常重要）为什么要从数据库中读取数字到b1和b2，将它们转换为字符串，然后再将它们转换回数字？

为什么要循环？它总是会导致b2只包含组中的最后一个条目。

由于b1包含b2中的所有内容以及数据库的其余部分，我不相信它是正确的总和！ />


看看你的数据库，想想你真正想要制作什么 - 因为我不认为你的查询是对的 - 但我不知道是什么你的作业是，所以我无法开始纠正它。

Please, please - for your own sake, and especially on a website - do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

Other than that (which really is serious important) why are you reading a number from the database into b1 and b2, converting them to strings, and then converting them back to numbers again?
And why loop? It will always result in b2 containing the last entry in the group only.
And since b1 contains everything in b2 plus the rest of the DB, I'm not convinced it's teh right sum anyway!

Have a look at your DB, and think about what you actually want to produce - because I don't think your queries are quite right - but I don't know what your homework is, so I can't begin to correct it.

这篇关于必须先清除textBox_Bal1.Text的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！