dem*_*0de 53 sql vb.net sql-server
我的代码有问题:
Private Sub TextBox2_TextChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles TextBox2.TextChanged
list.Items.Clear()
cmd.CommandText = "SELECT * FROM borrow where (Department LIKE '%" & TextBox2.Text & "%')"
cmd.Connection = con
cmd.CommandType = CommandType.Text
con.Open()
rd = cmd.ExecuteReader()
If rd.HasRows = True Then
While rd.Read()
Dim listview As New ListViewItem
listview.Text = rd("ID").ToString
listview.SubItems.Add(rd("Department").ToString)
listview.SubItems.Add(rd("Purpose").ToString)
listview.SubItems.Add(rd("Items_Details").ToString)
listview.SubItems.Add(rd("Requested_by").ToString)
listview.SubItems.Add(rd("Approved_by").ToString)
listview.SubItems.Add(rd("Date").ToString)
listview.SubItems.Add(rd("Status").ToString)
listview.SubItems.Add(rd("Date_Returned").ToString)
list.Items.Add(listview)
End While
End If
con.Close()
一旦我输入文本框中的字符串来搜索项目,我就会收到此错误:
参数化查询'(@ Parameter1 nvarchar(4000))SELECT*FROM借用where(Departme'期望参数'@ Parameter1',未提供.
谁能帮我?
rav*_*dev 143
如果将null值传递给参数,即使添加参数后也会出现此错误,因此请尝试检查该值,如果为null,则使用DBNull.Value
这会奏效
cmd.Parameters.Add("@Department", SqlDbType.VarChar)
If (TextBox2.Text = Nothing) Then
cmd.Parameters("@Department").Value = DBNull.Value
Else
cmd.Parameters("@Department").Value = TextBox2.Text
End If
这会将对象层的空值转换为数据库可接受的DBNull值.
Abe*_*ler 16
您的网站存在遭受黑客攻击的严重危险.
阅读SQL注入以及如何在.NET中预防它
您的查询问题是您现在最不关心的问题.
但.....
@Misnomer的解决方案很接近,但并不完全存在:
将您的查询更改为:
cmd.CommandText = "SELECT * FROM borrow where (Department LIKE '%@DepartmentText%')"
并以这种方式添加参数(或@Misnomer的方式):
cmd.Parameters.AddWithValue("@DepartmentText",TextBox2.Text)
重要的区别是您需要更改CommandText.