[英]delete string combobox item C#
Thanks for your help. 谢谢你的帮助。 All of you (Literally)
你们所有人(从字面上看)
I checked another part of my code where I was updating an entry and I used that code and modified it. 我检查了代码的另一部分,在其中更新了条目,并使用了该代码并对其进行了修改。 Now it works
现在可以了
Here it is 这里是
string sql = "DELETE from Login WHERE UserName = '" + comboBox1.SelectedItem.ToString() + "'";
SqlCommand cmd = conn.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = sql;
cmd.Parameters.Add(new SqlParameter("@UserName", comboBox1.SelectedItem.ToString()));
int rowdel = cmd.ExecuteNonQuery();
MessageBox.Show("Done!");
This is my code for deleting the particular row from a database that is selected through a combo box. 这是我的代码,用于从通过组合框选择的数据库中删除特定行。 My teacher used this same code and his programme worked.
我的老师使用了相同的代码,他的程序正常工作。 However it is showing an error on :
但是它显示以下错误:
" int rowInserted = cmd.ExecuteNonQuery(); " “ int rowInserted = cmd.ExecuteNonQuery();”
it says 它说
An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll Additional information: Incorrect syntax near '='. System.Data.dll中发生了类型为'System.Data.SqlClient.SqlException'的未处理异常。其他信息:'='附近的语法不正确。
here is my code: 这是我的代码:
private void button1_Click(object sender, EventArgs e)
{
string connectionString = "Server = HP-PC\\SQLExpress; Database = CProject; Trusted_Connection = True";
SqlConnection conn = new SqlConnection();
conn.ConnectionString = connectionString;
conn.Open();
string sql = "delete from [Login] where UserName = " + comboBox1.SelectedText.ToString();
SqlCommand cmd = conn.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = sql;
int rowInserted = cmd.ExecuteNonQuery();
label7.Text = rowInserted.ToString();
conn.Close();
}
private void AddDeleteUsers_Load(object sender, EventArgs e)
{
string connectionstring = "Server=HP-PC\\SQLExpress;Database=CProject;Trusted_Connection=True;";
SqlConnection conn = new SqlConnection();
conn.ConnectionString = connectionstring;
conn.Open();
SqlCommand cmd = conn.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "select UserName from Login";
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
comboBox1.Items.Add(reader["UserName"].ToString());
reader.Close();
conn.Close();
}
I'll give you a hint. 我会给你一个提示。
The error message is in your SQL code, in this line: 错误消息在您的SQL代码中,在以下行中:
string sql = "delete from [Login] where UserName = " + comboBox1.SelectedText.ToString();
The problem is that SQL needs text in single quotes, such as 'text'
... 问题是SQL需要用单引号引起
'text'
,例如'text'
...
Without providing the answer (since this is homework) I think this give you enough to figure it out? 没有提供答案(因为这是家庭作业),我认为这足以解决问题?
Edit "by popular demand" 编辑“按大众需求”
By the way, one of the reasons that it is not recommended to just take a value from the HTML input (your ComboBox) is that it could be manipulated by a malicious person and replaced with SQL code, which is known as SQL Injection. 顺便说一句,不建议仅从HTML输入(您的ComboBox)中获取值的原因之一是,它可能会被恶意人员操纵并被SQL代码(称为SQL注入)代替。
To avoid that, the use of Parameters is recommended. 为避免这种情况,建议使用参数。
An example would be 一个例子是
string sql = "delete from [Login] where UserName = @UserName"
Then you would have to add a parameter to your command before you execute it 然后,您必须在执行命令之前向其添加参数
command.Parameters.AddWithValue("@UserName", comboBox1.SelectedText.ToString());
This prevents someone from mutating your SQL statement into something sinister. 这样可以防止有人将您的SQL语句更改为危险的内容。
Change 更改
string sql = "delete from [Login] where UserName = " + comboBox1.SelectedText.ToString();
to this 对此
string sql = "delete from [Login] where UserName = '" + comboBox1.SelectedText.ToString() + "'";
You need single quotes around around the text. 您需要在文本周围加上单引号。
Try this: 尝试这个:
string sql = "delete from [Login] where UserName = '" + comboBox1.SelectedText.ToString() + "'";
It is better to use SqlParameter
to avoid sql injection. 最好使用
SqlParameter
避免sql注入。
string sql = "delete from [Login] where UserName = @username";
SqlCommand cmd = conn.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = sql;
cmd.Parameters.AddWithValue("@username", comboBox1.SelectedText.ToString());
int rowInserted = cmd.ExecuteNonQuery();
string sql = "delete from [Login] where UserName = '" + comboBox1.SelectedText.ToString()+ "'";
is better, no? 更好,不是吗?
Be carefull with Sql injection by the way... 小心使用Sql注入...
In order to prevent SQL Injection Attacks you should use a parameterized Query: 为了防止SQL注入攻击,您应该使用参数化查询:
string connectionString = "Server = HP-PC\\SQLExpress; Database = CProject; Trusted_Connection = True";
using (SqlConnection conn = new SqlConnection(connectionString))
{
conn.Open();
string sql = "delete from [Login] where UserName = @UserName;";
using (SqlCommand cmd = new SqlCommand(sql, conn))
{
SqlParameter p = new SqlParameter("UserName", comboBox1.SelectedText.ToString());
cmd.Parameters.Add(p);
cmd.ExecuteNonQuery();
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.