我如何...我将checklistbox中的数据转换为字符串,并将该字符串传递给in运算符的sql查询 [英] How do I...I am getting a data from checklistbox into a string and pass that string into a sql query for in operator
问题描述
大家好......
我从checklistbox获取数据到字符串中并将该字符串传递给运算符的sql查询。但我的编码是不工作。我告诉你。
Hi Everyone...
I am getting a data from checklistbox into a string and pass that string into a sql query for in operator.But My coding is not working.I show you.
CheckedInvoiceNo = ""
'Dim ff As New frmSalePerformaReport
For I = 0 To chklistbx.Items.Count - 1
If chklistbx.GetItemChecked(I) = True Then
CheckedInvoiceNo = CheckedInvoiceNo + "," + chklistbx.Items(I).ToString()
End If
Next
sql = "select PFDate,PFNo,CustType,Party,PartyCode,SaleNo,SaleDate,InvHeading,SaleType,Mode,Transporter from sale where PFNo in '" & CheckedInvoiceNo & "'"
------------------------
编辑:添加OP最初作为解决方案提交的信息。
------------------------
Added information that OP originally submitted as a solution.
我将数据输入checkinvoiceNo.But我的附加字符串的语法不正确
我得到的那样checkinvoice no = NZ-SP / 13-14 / 00002,NZ-SP / 13-14 / 00001,
但我想得到那样的检查号码''NZ-SP / 13-14 / 00002','NZ-SP / 13-14 / 00001'
I am getting data into checkinvoiceNo.But My syntax of append a string is not correct
I am getting like that checkinvoice no = NZ-SP/13-14/00002 ,NZ-SP/13-14/00001 ,
But I wanna get like that checkinvoice no = 'NZ-SP/13-14/00002' , 'NZ-SP/13-14/00001'
推荐答案
首先,你不应该像你在
First of all, you should not "inject" value directly into your sql query like what you did
in '" & CheckedInvoiceNo & "'"
为了避免sql注入,请阅读更多相关信息这里有 SQL注入攻击和一些提示如何防止他们 [ ^ ]。
其次,你的sql查询构造不正确,请查看这些:
1. SQL选择 [ ^ ]
2. SQL IN [ ^ ]
to avoid sql injection, read more about it here SQL Injection Attacks and Some Tips on How to Prevent Them[^].
Secondly, you sql query is not constructed correctly, check these out:
1. SQL Select[^]
2. SQL IN[^]
我将数据输入checkinvoiceNo.But我的语法是追加字符串不是正确
我得到的那样checkinvoice no = NZ-SP / 13-14 / 00002,NZ-SP / 13-14 / 00001,
但是我想得到那样的检票号='NZ-SP / 13-14 / 00002', 'NZ-SP / 13-14 / 00001'
I am getting data into checkinvoiceNo.But My syntax of append a string is not correct
I am getting like that checkinvoice no = NZ-SP/13-14/00002 ,NZ-SP/13-14/00001 ,
But I wanna get like that checkinvoice no = 'NZ-SP/13-14/00002' , 'NZ-SP/13-14/00001'
我建议您使用StringBuilder构建CheckedInvoiceNo。这样的事情:
I would recommend that you use a StringBuilder to construct "CheckedInvoiceNo". Something like this:
Dim CheckedInvoiceNo As New System.Text.StringBuilder()
For Each CheckedItem As Object In chklistbx.CheckedItems
If CheckedInvoiceNo.Length > 0 Then ' a prior item was added, so add a comma
CheckedInvoiceNo.Append(","c)
End If
CheckedInvoiceNo.Append("'"c)
CheckedInvoiceNo.Append(CheckedItem.ToString())
CheckedInvoiceNo.Append("'"c)
Next
' note: I modified the "In" expresion
sql = "select PFDate,PFNo,CustType,Party,PartyCode,SaleNo,SaleDate,InvHeading,SaleType,Mode,Transporter from sale where PFNo IN (" & CheckedInvoiceNo.ToString() & ")"
另外,请注意Pete Leow关于参数化查询的评论。
Also, please pay heed to Pete Leow's comments about parameterized queries.
这篇关于我如何...我将checklistbox中的数据转换为字符串,并将该字符串传递给in运算符的sql查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!