VB.Net删除DataGridView MySql中的所选行

Question

This the code that I use. The message box is appearing but when I select yes, the selected row is not deleted at the datagridview and database.

Private Sub Delete2_Click_1(sender As Object, e As EventArgs) Handles Delete2.Click
        MySqlConn = New MySqlConnection
        MySqlConn.ConnectionString = "server=127.0.0.1;userid=root;password=;database=equipment"

        Try
            If Me.DataGridView2.Rows.Count > 0 Then
                If Me.DataGridView2.SelectedRows.Count > 0 Then
                    Dim intStdID As Char = Me.DataGridView2.SelectedRows(0).Cells("asset_code").Value
                    'open connection
                    If Not MySqlConn.State = ConnectionState.Open Then
                        MySqlConn.Open()
                    End If

                    'delete data
                    Dim cmd As New MySqlCommand
                    cmd.Connection = MySqlConn
                    cmd.CommandText = "DELETE * FROM equipment.equipment" & intStdID
                    Dim res As DialogResult
                    res = MsgBox("Are you sure you want to DELETE the selected Row?", MessageBoxButtons.YesNo)
                    If res = Windows.Forms.DialogResult.Yes Then
                        cmd.ExecuteNonQuery()

                    Else : Exit Sub
                    End If
                    'refresh data
                    Load_table()

                    'close connection
                    MySqlConn.Close()
                End If
            End If
        Catch ex As MySqlException
        End Try

Answer 1

Look at this line:

 cmd.CommandText = "DELETE * FROM equipment.equipment" & intStdID

It attempts to append the ID value from the selected cell to the SQL statement. However, it seems like this is just the ID value. You also need the WHERE ID= portion for the query.

Moreover, it's using this ID value in the query in the wrong way . It's NEVER okay to use string concatenation to include data in a query. You must use parameterized queries.

The code below demonstrates this, as well as several other better patterns for this method, with the caveat that I had to guess as some names and types from your database.

Private Sub Delete2_Click_1(sender As Object, e As EventArgs) Handles Delete2.Click
    If Me.DataGridView2.Rows.Count = 0 OrElse Me.DataGridView2.SelectedRows.Count = 0 Then
        Exit Sub
    End If

    Dim res As DialogResult = MsgBox("Are you sure you want to DELETE the selected Row?", MessageBoxButtons.YesNo)
    If res <> DialogResult.Yes Then Exit Sub

    Dim intStdID As Char = Me.DataGridView2.SelectedRows(0).Cells("asset_code").Value
    Dim SQL as String = "DELETE * FROM equipment.equipment WHERE equipment.StdID= @AssetCode"

    Using con As New MySqlConnection("server=127.0.0.1;userid=root;password=;database=equipment"), _
          cmd As New MySqlCommand(SQL, con)

        cmd.Parameters.Add("@AssetCode", MySqlDbType.VarChar, 1).Value = intStdID            
        con.Open()
        cmd.ExecuteNonQuery()
    End Using
    Load_table()
End Sub