Find data in table by textbox

Problem description

Hey friend. I have a project. I need to get the address into a
label when I enter a name into the textbox. My code is like this:

ds.Clear()
da = New SqlDataAdapter("SELECT * FROM members WHERE name=" & textbox1.Text & "", dbconn)
Try
    da.Fill(ds, "members")
    bind()
Catch ex As Exception
    MessageBox.Show(ex.Message)
    Exit Sub
End Try

Sub bind()
    lable1.DataBindings.Add("text", ds, "members.memname")
End Sub

Unfortunately it does not work. I see one error message: 'Invalid column name'. But actually the column name is correct, that is certain.
Then I tried searching information by their age. It worked. But
I have no idea how to get the address when I enter their names.
I'm using VB.NET and SQL Server.
Please help me. Please.

Recommended answer

The best way to handle this is to use parameters. See: SqlParameter.

So your code could be something like:
Dim cmd As New SqlCommand
cmd.CommandText = "SELECT * FROM members WHERE name=@name"
cmd.Connection = dbconn
cmd.Parameters.AddWithValue("@name", textbox1.Text)
ds.Clear()
da = New SqlDataAdapter(cmd)
Try
    da.Fill(ds, "members")
...


The reason you get that error is because you do not have single quotes around the text value. Your SQL that is being executed looks like:

SELECT * FROM members WHERE name=Bill


and it needs to be:

SELECT * FROM members WHERE name='Bill'



But an even bigger issue is that this SQL is wide open for SQL injection. You need to change the value to use a SQL Parameter and never take input from the screen and put it directly into a SQL statement.
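
The three query shapes discussed in the answers above, side by side, as an added example that is not part of the original posts. It uses Python's built-in sqlite3 as an offline stand-in for VB.NET and SQL Server (SQLite reports "no such column" where SQL Server reports "Invalid column name"); the sample rows, the address column and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory stand-in for the members table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (name TEXT, age INTEGER, address TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?, ?)", [
        ("Bill", 41, "12 High St"),
        ("O'Brien", 35, "7 Mill Lane"),
    ])
    return db

def find_unquoted(db, name):
    # Same shape as the question's query: WHERE name=Bill (Bill is read as a column name)
    return db.execute("SELECT address FROM members WHERE name=" + name).fetchall()

def find_quoted(db, name):
    # Quotes added by hand: fixes 'Bill', but the input can still rewrite the query
    return db.execute("SELECT address FROM members WHERE name='" + name + "'").fetchall()

def find_param(db, name):
    # Parameterized: the value is bound separately and never parsed as SQL
    return db.execute("SELECT address FROM members WHERE name = ?", (name,)).fetchall()

def outcome(fn, db, name):
    """Return the rows, or the database error text if the statement fails."""
    try:
        return fn(db, name)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a name containing a quote, and a
    # value that changes the WHERE clause when it is concatenated.
    for value in ["Bill", "O'Brien", "x' OR '1'='1"]:
        for fn in (find_unquoted, find_quoted, find_param):
            print(f"{fn.__name__:14} {value!r:18} -> {outcome(fn, db, value)}")
```

Only the parameterized form returns the right row for all three inputs: hand-quoting fails on a legitimate name containing an apostrophe and returns every row for the third input.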

