[英]Show SQL Column Item in VB.NET TextBox
我希望SQL Database列的特定值出現在文本框中,但是我的代碼出現錯誤,似乎在此行:
昏暗的lrd作為MySqlDataReader = cmd.ExecuteReader()
Imports MySql.Data.MySqlClient
公共班級主要
Dim conn As MySqlConnection
Private Sub Main_Load(sender As Object, e As EventArgs) Handles Me.Load
conn = New MySqlConnection()
conn.ConnectionString = "server='127.0.0.1';user id='root';Password='test';database='snipper'"
Try
conn.Open()
Catch myerror As MySqlException
MsgBox("Error Connecting to Database. Please Try again !")
End Try
Dim strSQL As String = "SELECT * FROM snippets"
Dim da As New MySqlDataAdapter(strSQL, conn)
Dim ds As New DataSet
da.Fill(ds, "snippets")
With ComboBox1
.DataSource = ds.Tables("snippets")
.DisplayMember = "title"
.SelectedIndex = 0
End With
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title=" & cbSnippets.Text)
cmd.Connection = conn
Dim lrd As MySqlDataReader = cmd.ExecuteReader()
While lrd.Read()
txtCode.Text = lrd("snippet").ToString()
End While
End Sub
有什么問題嗎?
您的實際問題源自此行:
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title=" & cbSnippets.Text)
假設我在文本框中輸入"This is a test"
,則SQL變為
SELECT snippet
FROM snippets
WHERE title=This is a test
文字周圍沒有引號,應該是:
SELECT snippet
FROM snippets
WHERE title='This is a test'
但是,如果我要編寫"''; DROP TABLE Snippets; -- "
在您的文本框中,您可能會發現自己沒有片段表!
您應該始終使用參數化查詢,這更安全,更有效(這意味着查詢計划可以緩存和重用,因此無需每次都進行編譯);
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title = @Title")
cmd.Parameters.AddWithValue("@Title", cbSnippets.Text)
Dim lrd As MySqlDataReader = cmd.ExecuteReader()
嘗試更改此行:
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title=" & cbSnippets.Text)
至 :
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title='" & cbSnippets.Text & "'")
請注意您要搜索的字符串周圍的引號。 您也可以使用like
比較:
Dim cmd = New MySqlCommand("SELECT snippet FROM snippets where title like '%" & cbSnippets.Text & "%'")
%
符號用作通配符。 在這種情況下,它將查找包含搜索文本的任何字符串,而不是與搜索文本完全相同的字符串。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.