[英]Show SQL Column Item in VB.NET TextBox
我希望SQL Database列的特定值出现在文本框中,但是我的代码出现错误,似乎在此行:
昏暗的lrd作为MySqlDataReader = cmd.ExecuteReader()
Imports MySql.Data.MySqlClient
公共班级主要
Dim conn As MySqlConnection
Private Sub Main_Load(sender As Object, e As EventArgs) Handles Me.Load
conn = New MySqlConnection()
conn.ConnectionString = "server='127.0.0.1';user id='root';Password='test';database='snipper'"
Try
conn.Open()
Catch myerror As MySqlException
MsgBox("Error Connecting to Database. Please Try again !")
End Try
Dim strSQL As String = "SELECT * FROM snippets"
Dim da As New MySqlDataAdapter(strSQL, conn)
Dim ds As New DataSet
da.Fill(ds, "snippets")
With ComboBox1
.DataSource = ds.Tables("snippets")
.DisplayMember = "title"
.SelectedIndex = 0
End With
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title=" & cbSnippets.Text)
cmd.Connection = conn
Dim lrd As MySqlDataReader = cmd.ExecuteReader()
While lrd.Read()
txtCode.Text = lrd("snippet").ToString()
End While
End Sub
有什么问题吗?
您的实际问题源自此行:
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title=" & cbSnippets.Text)
假设我在文本框中输入"This is a test"
,则SQL变为
SELECT snippet
FROM snippets
WHERE title=This is a test
文字周围没有引号,应该是:
SELECT snippet
FROM snippets
WHERE title='This is a test'
但是,如果我要编写"''; DROP TABLE Snippets; -- "
在您的文本框中,您可能会发现自己没有片段表!
您应该始终使用参数化查询,这更安全,更有效(这意味着查询计划可以缓存和重用,因此无需每次都进行编译);
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title = @Title")
cmd.Parameters.AddWithValue("@Title", cbSnippets.Text)
Dim lrd As MySqlDataReader = cmd.ExecuteReader()
尝试更改此行:
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title=" & cbSnippets.Text)
至 :
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title='" & cbSnippets.Text & "'")
请注意您要搜索的字符串周围的引号。 您也可以使用like
比较:
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title like '%" & cbSnippets.Text & "%'")
%
符号用作通配符。 在这种情况下,它将查找包含搜索文本的任何字符串,而不是与搜索文本完全相同的字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.