堆栈内存溢出
  简体   繁体   English

尝试从数据库中删除行时“条件表达式中的数据类型不匹配”

[英]“Data type mismatch in criteria expression” when trying to delete row from database

 原文  2012-09-18 09:52:38       c#/ oledb

问题描述

    OleDbCommand system = new OleDbCommand();
    system.CommandType = CommandType.Text;
    system.CommandText = "DELETE FROM Student WHERE(ID= '" + 
                          txtStudentIDnumber.Text + "')";
    system.Connection = mydatabase;

    mydatabase.Open();
    system.ExecuteNonQuery();
    dataGridView1.Update();

    this.tableAdapterManager.UpdateAll(csharrpfinalprojectDataSet);
    mydatabase.Close();

    MessageBox.Show("Student Record Deleted.", "deleting record...");

3 个解决方案

解决方案1
 2  2012-09-18 09:54:34

In your command text you need to remove single quotes (') around the txtStudentIDnumber.Text as it appears ID is of type integer and you are passing it as string. 在命令文本中,您需要删除txtStudentIDnumber.Text周围的单引号(') 。当txtStudentIDnumber.Text显示为ID时,ID的类型为integer,您将其作为字符串传递。 Following should fix the error. 以下应解决该错误。 

system.CommandText = "DELETE FROM Student WHERE(ID= " + txtStudentIDnumber.Text + ")";

EDIT: With respect to @mdb comments, you should always use Parameters in your query so that you can avoid SQL Injection . 编辑:关于@mdb注释,您应该始终在查询中使用参数 ,以便可以避免SQL Injection Consider the following: 考虑以下: 

OleDbCommand system = new OleDbCommand();
system.CommandType = CommandType.Text;
system.CommandText = "DELETE FROM Student WHERE ID = ?";
OleDbParameter parameter = new OleDbParameter("ID", txtStudentIDnumber.Text);
system.Parameters.Add(parameter);
system.Connection = mydatabase;

mydatabase.Open();
system.ExecuteNonQuery();
dataGridView1.Update();

解决方案2
 2  2012-09-18 12:10:37

OleDbCommand system = new OleDbCommand();
system.CommandType = CommandType.Text;
system.CommandText = "DELETE FROM Student WHERE ID=@ID";
system.Parameters.AddWithValue("@ID", txtStudentIDnumber.Text);
system.Connection = mydatabase;

mydatabase.Open();
system.ExecuteNonQuery();
dataGridView1.Update();

this.tableAdapterManager.UpdateAll(csharrpfinalprojectDataSet);
mydatabase.Close();

MessageBox.Show("Student Record Deleted.", "deleting record...");

解决方案3
 1  2012-09-18 10:07:44

What will happen when user input for txtStudentIDNumber is, 当用户输入txtStudentIDNumber时会发生什么, 

1 or 1=1

In that case hardcoded SQL string will be, 在这种情况下,将使用硬编码的SQL字符串, 

DELETE FROM Student WHERE(ID=1 or 1=1)

So prefer parameterized sql statement instead of hard-coded string. 因此,建议使用参数化的 sql语句,而不要使用硬编码的字符串。 

using(OleDbConnection cn=new OleDbConnection(cnStr))
 {
  using(OleDbCommand cmd=new OleDbCommand())
   {
    cmd.CommandText="DELETE FROM Student WHERE ID=@ID";
    cmd.Connection=cn;
    cmd.Parameters.Add("@ID",SqlDbType.Int).Value=txtStudentIDnumber.Text;
    cn.Open();
    cmd.ExecuteNonQuery();
    cn.Close();
   }
 }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 条件表达式中的数据类型不匹配尝试添加行时发生异常 - Data type mismatch in criteria expression Exception when trying to add a row 尝试插入Access数据库时条件表达式错误中的数据类型不匹配 - Data type mismatch in criteria expression error when trying to insert into Access database C#“当将数据集的日期添加到数据库时,条件表达式中的数据类型不匹配 - C# "Data type mismatch in criteria expression, when adding date from dataset to database 使用ADO.NET C#从MS Access中删除时,数据类型不匹配的准则表达错误 - data-type-mismatch-in-criteria-expression-error when delete from MS Access with ADO.NET C# 条件表达式中的数据类型不匹配 - Data type mismatch in criteria expression 条件表达式中的数据类型不匹配 - Data type mismatch in criteria expression “条件表达式中的数据类型不匹配” - “Data type mismatch in criteria expression” 条件表达式中的数据类型不匹配 - Data type mismatch in criteria expression 更新类型化数据集表的行时,条件表达式中的数据类型不匹配 - Data type mismatch in criteria expression when updating a typed dataset table's row C# 和 ms 数据库 - 标准表达式中的数据类型不匹配 - C# and ms database - Data type mismatch in criteria expression
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM