1. 首页
  2. 问答
  3. oledbException是未处理的错误appering

oledbException是未处理的错误appering

2013-01-10 101 views
0

我试图填充一个文本框,使用下面的代码的名字及姓氏:oledbException是未处理的错误appering

using (OleDbConnection connName = new OleDbConnection(strCon)) 
      { 

       String sqlName = "SELECT forename, Surname FROM customer WHERE [customerID]=" + txtCustomerID.Text; 

       // Create a command to use to call the database. 
       OleDbCommand commandname = new OleDbCommand(sqlName, connName); 
       connName.Open(); 
       // Create a reader containing the results 


       using (OleDbDataReader readerName = commandname.ExecuteReader()) 
       { 
        readerName.Read(); // Advance to the first row. 
        txtName.Text = readerName[0].ToString(); 
       } 
       connName.Close();     

      }

不过,我发现了错误:OleDbException了未处理。

"no required values for one of more required parameters"

ExecuteReader我不知道如何去解决这个问题。

编辑:下面的代码几乎是完全相同的查询中的信息栏,但这个例外是不会为它。

string strCon = Properties.Settings.Default.PID2dbConnectionString; 

     using (OleDbConnection conn = new OleDbConnection(strCon)) 
     { 
      String sqlPoints = "SELECT points FROM customer WHERE [customerID]=" + txtCustomerID.Text; 
      conn.Open(); 

      // Create a command to use to call the database. 
      OleDbCommand command = new OleDbCommand(sqlPoints, conn); 
      // Create a reader containing the results 

      using (OleDbDataReader reader = command.ExecuteReader()) 
      { 
       reader.Read(); // Advance to the first row. 
       txtPoints.Text = reader[0].ToString(); // Read the contents of the first column 
      } 
      conn.Close(); 
     }

来源

2013-01-10 Bunion

+0

是txtCustomerID.text null? – Brian

+0

你调试了你的代码吗?哪条线给你这个错误? –

+0

@SonerGönül - 我相信OP说这是这一行:'使用(OleDbDataReader readerName = commandname.ExecuteReader())' – Brian

回答

1

通常的原因是空或空字符串即txtCustomerID.Text没有价值,因此查询发送到服务器:

SELECT forename, Surname FROM customer WHERE [customerID]=

你能避免这样和SQL Injection错误,坚决使用键入参数并避免使用参数化查询进行数据截断(我假定客户ID是int字段)

using (OleDbConnection connName = new OleDbConnection(strCon)) 
    { 
     String sqlName = "SELECT forename, Surname FROM customer WHERE customerID = @CustomerID"; 

     // Create a command to use to call the database. 
     using (OleDbCommand commandname = new OleDbCommand(sqlName, connName)) 
     { 

      //Check the input is valid 
      int customerID = 0; 
      if (!int.TryParse(txtCustomerID.Text, out customerID)) 
      { 
       txtName.Text = "Customer ID Text box is not an integer"; 
       return; 
      } 


      connName.Open(); 

      // Add the parameter to the command 
      commandname.Parameters.Add("@CustomerID", OleDbType.Integer).Value = customerID; 

      // Create a reader containing the results 
      using (OleDbDataReader readerName = commandname.ExecuteReader()) 
      { 
       readerName.Read(); // Advance to the first row. 
       txtName.Text = readerName[0].ToString(); 
      } 
      connName.Close();     
     } 
    }

来源

2013-01-10 18:19:32 GarethD

+0

这样做的窍门谢谢! – Bunion

0

您必须对字符串查询中使用的参数进行编码。

String sqlName = String.Format("SELECT forname, Surname FROM customer WHERE customerID={0}",txtCustomerID.Text);

但我建议你不要在字符串中使用硬编码的SQL查询。它是SQL注入攻击的简单方法。您应该使用参数。

来源

2013-01-10 17:08:29 semao

+0

即时我仍然得到相同的错误,当我用我当前的sql替换这个, – Bunion

+1

你可以调试和发布赋值后sqlName变量的值吗? – semao

+0

调试完sqlname后是“空”,这是我拿的问题吗?即时通讯非常新的一般C#和SQL。 – Bunion

相关问题

 相关问题