Ani*_*osh 1 c# ms-access datagridview winforms oledbdatareader
我有一个datagridview.在该DGV中,第一柱是组合框柱.我想,当选择这个组合框值时,下一个fild将自动从数据库中填充.但是出现了错误.
没有为OleDbDataReader上的一个或多个必需参数赋值dr1 = cmd1.ExecuteReader();
我发布了代码.请帮我.
OleDbConnection con = new OleDbConnection(conn);
con.Open();
for (int i = 0; i < dgv.Rows.Count; i++)
{
string query = "select Description from General where AccCode='" +
dgv.Rows[i].Cells[0].Value +
"' and conpanyID='" +
label1.Text + "'";
OleDbCommand cmd1 = new OleDbCommand(query, con);
//OleDbDataAdapter daBranchName = new OleDbDataAdapter(cmd);
OleDbDataReader dr1 = cmd1.ExecuteReader();
while (dr1.Read())
{
dgv.Rows[i].Cells[1].Value = dr1["Description"].ToString();
}
}
con.Close();
这种字符串连接对SQL注入攻击是开放的.
请改用参数化查询.
string query = "select [Description] from [General] where AccCode= ? and conpanyID= ?";
OleDbCommand cmd1 = new OleDbCommand(query, con);
cmd1.Parameters.AddWithValue("@acc", dgv.Rows[i].Cells[0].Value);
cmd1.Parameters.AddWithValue("@ID", label1.Text);
正如HansUp 指出的那样,Description并且General都是保留关键字.使用方括号,如[Description]和[General]