将文本框值与数据库进行比较
[英]Comparing textbox value to database
问题描述
HI ! 
嗨! I would like to compare values from a textbox with data from a table. 我想将文本框中的值与表中的数据进行比较。 I tried this code but i got the error that the input string was in the wrong format! 我尝试了这段代码,但是我得到了输入字符串格式错误的错误! code: 码:
string connectionString =
"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=save.mdb";
try
{
database = new OleDbConnection(connectionString);
database.Open();
string queryString = "SELECT zivila.naziv,users.user_name FROM (obroki_save "
+ " LEFT JOIN zivila ON zivila.ID=obroki_save.ID_zivila) "
+ " LEFT JOIN users ON users.ID=obroki_save.ID_uporabnika "
+ " WHERE users.ID='" +Convert.ToInt16(id.iDTextBox.Text)+"'";
loadDataGrid(queryString);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
5 个解决方案
解决方案1
0 2010-05-05 20:30:30
your connectionstring should look like this: 您的连接字符串应如下所示:
Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\mydatabase.mdb;User Id=admin;Password=; Provider = Microsoft.Jet.OLEDB.4.0;数据源= C:\\ mydatabase.mdb;用户ID = admin;密码=;
Further information on connectionstrings you can find on connectionstrings.com 您可以在connectionstrings.com上找到有关连接字符串的更多信息
解决方案2
0 2010-05-05 20:37:04
when building your sql, you're trying to concatenate a string and an Int16 value. 在构建sql时,您尝试连接字符串和Int16值。 try removing the Convert.ToInt16(), leaving just the string value of the textbox. 尝试删除Convert.ToInt16(),仅保留文本框的字符串值。
解决方案3
0 2010-05-05 20:37:05
Try changing your last line to 尝试将最后一行更改为
+ " WHERE users.ID=" +Convert.ToInt16(id.iDTextBox.Text);
basically removing the single quotes from around the Int16 基本上从Int16周围删除单引号
解决方案4
0 2010-05-05 21:05:23
You could try this: 您可以尝试以下方法:
string connectionString =
"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=save.mdb";
try
{
Int16 id = Int16.Parse(id.iDTextBox.Text);
database = new OleDbConnection(connectionString);
database.Open();
string queryString = "SELECT zivila.naziv,users.user_name FROM (obroki_save "
+ " LEFT JOIN zivila ON zivila.ID=obroki_save.ID_zivila) "
+ " LEFT JOIN users ON users.ID=obroki_save.ID_uporabnika "
+ " WHERE users.ID=" + id.ToString();
loadDataGrid(queryString);
database.Close();
}
catch (FormatException fex)
{
MessageBox.Show(fex.Message);
return;
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
This way you would intercept bad data and protect yourself from Sql Injection. 这样,您将拦截不良数据并保护自己免受Sql Injection的侵害。
Also, don't forget to Close your connection, or read up on the using the using keyword . 另外,不要忘记关闭连接,或者使用using关键字来继续阅读。
Also try to run the query with a hardcoded id value in your sql editor to make sure it works: 另外,请尝试在您的sql编辑器中使用具有硬编码ID值的查询来运行查询,以确保其有效:
SELECT zivila.naziv,users.user_name
FROM (obroki_save AS os LEFT JOIN zivila AS z ON z.ID=os.ID_zivila)
LEFT JOIN users ON users.ID=obroki_save.ID_uporabnika
WHERE users.ID=16
解决方案5
0 2010-06-08 02:23:19
if your ID field is an int, you shouldn't be putting ' around it. 如果您的ID字段是一个int,则不应在其周围加上'。
so change 所以改变
+ " WHERE users.ID='" +Convert.ToInt16(id.iDTextBox.Text)+"'";
to 至
+ " WHERE users.ID=" +Convert.ToInt16(id.iDTextBox.Text);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.