The parameterized query '(@invno nvarchar(3),@invdate nvarchar(8),@pname nvarchar(4000),@' expects the parameter '@pname', which was not supplied.


Problem description


Hi, I'm trying to insert a record into a SQL Server database through textboxes,
but this error appears every time.
Can you help me?

Imports System.Configuration
Imports System.Data.SqlClient

' Code-behind of the page: "cn" is the connection string name from web.config.
Dim conn As New SqlConnection(ConfigurationManager.ConnectionStrings("cn").ConnectionString)

Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
    Dim cmd As New SqlCommand("insert into invoices (invno,invdate,pname,program,amountd,payment,bank,explain,cashier) values (@invno,@invdate,@pname,@program,@amountd,@payment,@bank,@explain,@cashier)", conn)
    ' Every value is passed as a String, so each parameter type is inferred as nvarchar.
    cmd.Parameters.AddWithValue("@invno", t1.Text)
    cmd.Parameters.AddWithValue("@invdate", t2.Text)
    cmd.Parameters.AddWithValue("@pname", t3.Text)
    cmd.Parameters.AddWithValue("@program", t4.Text)
    cmd.Parameters.AddWithValue("@amountd", t5.Text)
    cmd.Parameters.AddWithValue("@payment", t6.Text)
    cmd.Parameters.AddWithValue("@bank", t7.Text)
    cmd.Parameters.AddWithValue("@explain", t8.Text)
    cmd.Parameters.AddWithValue("@cashier", t9.Text)

    conn.Open()
    cmd.ExecuteNonQuery()
    conn.Close()
    Response.Write("done")
End Sub

Recommended answer

The count of named parameters seems to be OK.

I'd like to turn your attention to:
1) SQL Injection,
2) incorrect data types.

Ad 1)
SQL Injection and how to avoid it
Stop SQL Injection Attacks Before They Stop You
How To: Protect From SQL Injection in ASP.NET

Ad 2)
Parameter @invdate is declared as VARCHAR(8), but it (probably) should be declared as a DateTime. It could be the reason for your troubles and the reason for displaying the error message: 'query ... expects the parameter ... which is not supplied'.
Depending on OS settings, the date is displayed in many different formats: dd/MM/yyyy, MM.dd.yyyy, yy-MM-dd, etc. If the date length is 10 signs, the SQL Server engine can't implicitly convert it. Change the definition of the table's structure and pass proper values.
Finally, I'd suggest defining and adding SQLParameters in this way:
' Declare the parameter with an explicit SQL type, then assign its Value.
cmd.Parameters.Add("@invno", SqlDbType.Int)
cmd.Parameters("@invno").Value = Convert.ToInt32(t1.Text)


Thanks, Maciej Los.
I found the solution here:
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx?cs-save-lang=1&cs-lang=vb
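
The typed-parameter approach suggested in the answer, written out as an added example (not code from the original thread). It is narrowed to three of the nine columns and assumes invno is INT, invdate is DATETIME, pname is NVARCHAR(100) and the remaining columns are nullable; the module and function names are hypothetical.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization

Public Module InvoiceInsertExample
    ' Hypothetical helper. SqlClient does not send a parameter whose Value is
    ' Nothing, and the server then reports "expects the parameter ... which was
    ' not supplied". Sending DBNull.Value passes an explicit SQL NULL instead.
    Private Function OrDbNull(value As Object) As Object
        If value Is Nothing Then Return DBNull.Value
        Return value
    End Function

    ' Validates the raw textbox strings and builds a command with typed parameters.
    ' Column types and the NVARCHAR size are assumptions, not taken from the thread.
    Public Function BuildInsert(conn As SqlConnection, invnoText As String,
                                invdateText As String, pname As String) As SqlCommand
        Dim invno As Integer
        If Not Integer.TryParse(invnoText, NumberStyles.None, CultureInfo.InvariantCulture, invno) Then
            Throw New ArgumentException("invno must be a whole number")
        End If
        ' One fixed input format, so parsing does not depend on OS regional settings.
        Dim invdate As Date
        If Not Date.TryParseExact(invdateText, "yyyy-MM-dd", CultureInfo.InvariantCulture,
                                  DateTimeStyles.None, invdate) Then
            Throw New ArgumentException("invdate must be in yyyy-MM-dd format")
        End If
        Dim cmd As New SqlCommand(
            "insert into invoices (invno, invdate, pname) values (@invno, @invdate, @pname)", conn)
        cmd.Parameters.Add("@invno", SqlDbType.Int).Value = invno
        cmd.Parameters.Add("@invdate", SqlDbType.DateTime).Value = invdate
        cmd.Parameters.Add("@pname", SqlDbType.NVarChar, 100).Value = OrDbNull(pname)
        Return cmd
    End Function

    ' Called from the click handler; Using closes the connection even on error.
    Public Sub SaveInvoice(connectionString As String, invnoText As String,
                           invdateText As String, pname As String)
        Using conn As New SqlConnection(connectionString)
            Using cmd As SqlCommand = BuildInsert(conn, invnoText, invdateText, pname)
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub
End Module
```

Because the values are converted before they reach the command, a malformed number or date is rejected in the page code rather than surfacing as a conversion error from SQL Server.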

