DATA TYPE MISMATCH error IN CRITERIA EXPRESSION (ms Access)
Please find the error in my code.
Data type mismatch in criteria expression.
OleDbCommand cmd = new OleDbCommand("DELETE tbbill.*, tbgrid.* FROM tbbill INNER JOIN tbgrid ON tbbill.invoice = tbgrid.ginovice WHERE tbbill.invoice ='" + Convert.ToInt32(txtinvoice.Text) + "'", con);
cmd.ExecuteNonQuery();
cmd.Dispose();
It has to be:
OleDbCommand cmd = new OleDbCommand(
    // Verbatim string (@"...") so the SQL text can span several lines.
    @"DELETE tbbill.*, tbgrid.*
      FROM tbbill
      INNER JOIN tbgrid
      ON tbbill.invoice = tbgrid.ginovice
      WHERE tbbill.invoice = " + Convert.ToInt32(txtinvoice.Text), con);
I have removed the '' from invoice.
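And you should always use parameterized SQL to prevent SQL injection:
OleDbCommand cmd = new OleDbCommand(
    // Verbatim string (@"...") so the SQL text can span several lines.
    @"DELETE tbbill.*, tbgrid.*
      FROM tbbill
      INNER JOIN tbgrid
      ON tbbill.invoice = tbgrid.ginovice
      WHERE tbbill.invoice = @invoice", con);
// AddWithValue replaces the obsolete Add(string, object) overload.
cmd.Parameters.AddWithValue("@invoice", Convert.ToInt32(txtinvoice.Text));
cmd.ExecuteNonQuery();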
Single quotes are for characters. If your invoice is a numeric type, you need to remove those quotes, for example:
tbbill.invoice = " + Convert.ToInt32(txtinvoice.Text) + ...
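Always use parameterized queries. This kind of string concatenation is open to SQL injection attacks.
And use a using statement to dispose of your command and connection automatically, instead of calling the Dispose method manually.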
using(OleDbConnection con = new OleDbConnection(conString))
using(OleDbCommand cmd = con.CreateCommand())
{
    cmd.CommandText = "DELETE tbbill.*, tbgrid.* FROM tbbill INNER JOIN tbgrid ON tbbill.invoice = tbgrid.ginovice WHERE tbbill.invoice = @invoice";
    cmd.Parameters.Add("@invoice", OleDbType.Integer).Value = Convert.ToInt32(txtinvoice.Text);
    // I used OleDbType.Integer in my example. You should use proper OleDbType for your column.
    con.Open();
    cmd.ExecuteNonQuery();
}
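An added example, not part of the question or either answer above: the same parameterized delete wrapped in a method that validates the text-box input before any SQL is built, so malformed input is rejected instead of surfacing as an exception from Convert.ToInt32. The names InvoiceCleanup, TryParseInvoice and DeleteInvoice are hypothetical, the sample inputs are constructed, and the column is assumed to be an Access Long Integer.

```csharp
using System;
using System.Data.OleDb;
using System.Globalization;

static class InvoiceCleanup
{
    // Hypothetical helper: accept only plain decimal digits that fit in Int32.
    // NumberStyles.None rejects whitespace, signs, quotes and any trailing text;
    // Convert.ToInt32 would throw FormatException or OverflowException instead.
    public static bool TryParseInvoice(string text, out int invoice)
    {
        return int.TryParse(text, NumberStyles.None,
                            CultureInfo.InvariantCulture, out invoice);
    }

    // Returns the number of rows deleted, or -1 if the input was rejected.
    public static int DeleteInvoice(string conString, string invoiceText)
    {
        if (!TryParseInvoice(invoiceText, out int invoice))
            return -1;

        using (var con = new OleDbConnection(conString))
        using (var cmd = con.CreateCommand())
        {
            cmd.CommandText =
                "DELETE tbbill.*, tbgrid.* FROM tbbill INNER JOIN tbgrid " +
                "ON tbbill.invoice = tbgrid.ginovice WHERE tbbill.invoice = @invoice";
            // OleDb binds parameters by position (the order of the Add calls),
            // not by name. The typed parameter is sent as a number, so there is
            // no quoting to get wrong and no SQL text built from user input.
            cmd.Parameters.Add("@invoice", OleDbType.Integer).Value = invoice;
            con.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed sample inputs, as they might arrive from txtinvoice.Text.
        string[] samples = { "1042", " 1042", "1042'", "1042 OR 1=1", "", "99999999999" };
        foreach (string s in samples)
        {
            string verdict = TryParseInvoice(s, out int n) ? "accepted " + n : "rejected";
            Console.WriteLine("[" + s + "] -> " + verdict);
        }
    }
}
```

Only the first sample is accepted. Main exercises the validation without a database; DeleteInvoice needs a real Access connection string.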