需要参数错误 [英] Require Parameter Error
本文介绍了需要参数错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Private Sub btnDelete_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnDelete.Click
If txtCustomer_No.Text <> "" Then
cmdDelete.CommandText = "DELETE FROM custmer WHERE Customer_No = " & txtCustomer_No.Text & ";"
MsgBox(cmdDelete.CommandText)
cmdDelete.CommandType = CommandType.Text
cmdDelete.Connection = cnnOLEDB
cmdDelete.ExecuteNonQuery() <----- Error Msg : No value given for one or more required parameters.
MsgBox("Record deleted.")
txtCustomer_No.Text = ""
cmdDelete.Dispose()
Else
MsgBox("Enter the required values:" & vbNewLine & "1. Customer_No")
End If
cmdUpdate.Dispose()
End Sub
在此先感谢....
Thanks in Advance ....
推荐答案
首先,不要那样做:不要串联字符串来构建SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门,这可能会破坏整个数据库.请改用参数化查询.
其次,您的文本框的内容可能是导致错误的原因:如果它包含空格,分号或任何其他特殊字符,SQL将会变得混乱,并且您将得到错误.您可以将其括在引号中,但是使用参数化查询将解决此问题,并同时保护数据库免受损坏.
那么您能举一个关于参数化的小例子吗...
我对所有这些东西都是新的."
试试:
First off, don''t do it that way: Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Second, the content of your text box is probably responsible for the error: if it contains spaces, or semicolons, or any other special characters SQL will get confused and you will get an error. You could enclose it in quotes, but using parametrised queries will fix the problem, and save your database from damage at the same time.
"So can u give one little example about parametrized ...
i m new about all this stuff.."
Try:
Using con As New SqlConnection(strConnect)
con.Open()
Using com As New SqlCommand("DELETE FROM custmer WHERE Customer_No=@CN", con)
com.Parameters.AddWithValue("@CN", txtCustomer_No.Text)
com.ExecuteNonQuery()
End Using
End Using
这篇关于需要参数错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
