删除字符串组合框项目C＃

Question

Thanks for your help. 谢谢你的帮助。 All of you (Literally) 你们所有人（从字面上看）

I checked another part of my code where I was updating an entry and I used that code and modified it. 我检查了代码的另一部分，在其中更新了条目，并使用了该代码并对其进行了修改。 Now it works 现在可以了

Here it is 这里是

string sql = "DELETE from Login WHERE UserName = '" + comboBox1.SelectedItem.ToString() + "'";

            SqlCommand cmd = conn.CreateCommand();
            cmd.CommandType = CommandType.Text;
            cmd.CommandText = sql;


            cmd.Parameters.Add(new SqlParameter("@UserName", comboBox1.SelectedItem.ToString()));
            int rowdel = cmd.ExecuteNonQuery();
            MessageBox.Show("Done!");

This is my code for deleting the particular row from a database that is selected through a combo box. 这是我的代码，用于从通过组合框选择的数据库中删除特定行。 My teacher used this same code and his programme worked. 我的老师使用了相同的代码，他的程序正常工作。 However it is showing an error on : 但是它显示以下错误：

" int rowInserted = cmd.ExecuteNonQuery(); " “ int rowInserted = cmd.ExecuteNonQuery（）;”

it says 它说

An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll Additional information: Incorrect syntax near '='. System.Data.dll中发生了类型为'System.Data.SqlClient.SqlException'的未处理异常。其他信息：'='附近的语法不正确。

here is my code: 这是我的代码：

private void button1_Click(object sender, EventArgs e)
        {
            string connectionString = "Server = HP-PC\\SQLExpress; Database = CProject; Trusted_Connection = True";
            SqlConnection conn = new SqlConnection();
            conn.ConnectionString = connectionString;
            conn.Open();

            string sql = "delete from [Login] where UserName = " + comboBox1.SelectedText.ToString();

            SqlCommand cmd = conn.CreateCommand();
            cmd.CommandType = CommandType.Text;
            cmd.CommandText = sql;

            int rowInserted = cmd.ExecuteNonQuery();
            label7.Text = rowInserted.ToString();

            conn.Close();


        }

        private void AddDeleteUsers_Load(object sender, EventArgs e)
        {
            string connectionstring = "Server=HP-PC\\SQLExpress;Database=CProject;Trusted_Connection=True;";
            SqlConnection conn = new SqlConnection();
            conn.ConnectionString = connectionstring;
            conn.Open();

            SqlCommand cmd = conn.CreateCommand();
            cmd.CommandType = CommandType.Text;
            cmd.CommandText = "select UserName from Login";

            SqlDataReader reader = cmd.ExecuteReader();

            while (reader.Read())
            comboBox1.Items.Add(reader["UserName"].ToString());
            reader.Close();

            conn.Close();
        }

Answer 1

I'll give you a hint. 我会给你一个提示。

The error message is in your SQL code, in this line: 错误消息在您的SQL代码中，在以下行中：

    string sql = "delete from [Login] where UserName = " + comboBox1.SelectedText.ToString();

The problem is that SQL needs text in single quotes, such as 'text' ... 问题是SQL需要用单引号引起'text' ，例如'text' ...

Without providing the answer (since this is homework) I think this give you enough to figure it out? 没有提供答案（因为这是家庭作业），我认为这足以解决问题？

Edit "by popular demand" 编辑“按大众需求”

By the way, one of the reasons that it is not recommended to just take a value from the HTML input (your ComboBox) is that it could be manipulated by a malicious person and replaced with SQL code, which is known as SQL Injection. 顺便说一句，不建议仅从HTML输入（您的ComboBox）中获取值的原因之一是，它可能会被恶意人员操纵并被SQL代码（称为SQL注入）代替。

To avoid that, the use of Parameters is recommended. 为避免这种情况，建议使用参数。

An example would be 一个例子是

    string sql = "delete from [Login] where UserName = @UserName"

Then you would have to add a parameter to your command before you execute it 然后，您必须在执行命令之前向其添加参数

command.Parameters.AddWithValue("@UserName", comboBox1.SelectedText.ToString());

This prevents someone from mutating your SQL statement into something sinister. 这样可以防止有人将您的SQL语句更改为危险的内容。

Answer 2

Change 更改

string sql = "delete from [Login] where UserName = " + comboBox1.SelectedText.ToString();

to this 对此

string sql = "delete from [Login] where UserName = '" + comboBox1.SelectedText.ToString() + "'";

You need single quotes around around the text. 您需要在文本周围加上单引号。

Answer 3

Try this: 尝试这个：

string sql = "delete from [Login] where UserName = '" + comboBox1.SelectedText.ToString() + "'";

It is better to use SqlParameter to avoid sql injection. 最好使用SqlParameter避免sql注入。

        string sql = "delete from [Login] where UserName = @username";

        SqlCommand cmd = conn.CreateCommand();
        cmd.CommandType = CommandType.Text;
        cmd.CommandText = sql;
        cmd.Parameters.AddWithValue("@username", comboBox1.SelectedText.ToString());

        int rowInserted = cmd.ExecuteNonQuery();

Answer 4

string sql = "delete from [Login] where UserName = '" + comboBox1.SelectedText.ToString()+ "'";

is better, no? 更好，不是吗？

Be carefull with Sql injection by the way... 小心使用Sql注入...

Answer 5

In order to prevent SQL Injection Attacks you should use a parameterized Query: 为了防止SQL注入攻击，您应该使用参数化查询：

    string connectionString = "Server = HP-PC\\SQLExpress; Database = CProject; Trusted_Connection = True";
    using (SqlConnection conn = new SqlConnection(connectionString))
    {
        conn.Open();
        string sql = "delete from [Login] where UserName = @UserName;";

        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            SqlParameter p = new SqlParameter("UserName", comboBox1.SelectedText.ToString());
            cmd.Parameters.Add(p);
            cmd.ExecuteNonQuery();
        }
    }

删除字符串组合框项目C＃

问题描述

5 个解决方案

解决方案1
4 已采纳 2013-03-18 17:03:17

解决方案2
2 2013-03-18 17:02:51

解决方案3
1 2013-03-18 17:02:52

解决方案4
1 2013-03-18 17:03:04

解决方案5
0 2013-03-18 17:12:24

删除字符串组合框项目C＃

问题描述

5 个解决方案

解决方案1 4 已采纳 2013-03-18 17:03:17

解决方案2 2 2013-03-18 17:02:51

解决方案3 1 2013-03-18 17:02:52

解决方案4 1 2013-03-18 17:03:04

解决方案5 0 2013-03-18 17:12:24

解决方案1
4 已采纳 2013-03-18 17:03:17

解决方案2
2 2013-03-18 17:02:51

解决方案3
1 2013-03-18 17:02:52

解决方案4
1 2013-03-18 17:03:04

解决方案5
0 2013-03-18 17:12:24