使用GridView删除记录

Question

我在删除记录中存在一些问题。我使用VB.net和Access数据库。当我尝试运行这个程序时，没有错误，但是记录没有在数据库中删除。有一个类删除记录，这个类将调用另一个称为DeleteMultipleRecords的方法。这里是我的代码，希望任何人都可以帮助我解决这个问题。

-Default.aspx.vb-

Protected Sub btnDelete_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnDelete.Click 
    'create string collection to store IDs of records to be deleted 
    Dim idCollection As New StringCollection() 
    Dim strID As String = String.Empty 
    'Loop through GridView rows to find checked rows 
    For i As Integer = 0 To i < GridView1.Rows.Count - 1 
     Dim chkDelete As CheckBox = DirectCast(GridView1.Rows(i).Cells(0).FindControl("chkSelect"), CheckBox) 
     If chkDelete IsNot Nothing Then 
      If chkDelete.Checked Then 

       strID = GridView1.Rows(i).Cells(1).Text 
       idCollection.Add(strID) 

      End If 
     End If 
    Next 

    'called method to delete record 
    DeleteMultipleRecords(idCollection) 

    'rebind(GridView) 
    GridView1.DataBind() 
End Sub 
Private Sub DeleteMultipleRecords(ByVal idCollection As StringCollection) 
    'create connection 
    Dim cnnOLEDB As New OleDbConnection(strConnection) 
    Dim IDs As String = "" 

    'create string builder to store 
    'delete commands seperated by ; 

    For Each id As String In idCollection 

     IDs += id.ToString() & "," 
    Next 

    Try 

     Dim strIDs As String = IDs.Substring(0, IDs.LastIndexOf("")) 
     Dim strSql As String = ("Delete from Details WHERE ID = '" & strIDs & "' ") 

     cmdOLEDB.CommandType = CommandType.Text 
     cmdOLEDB.CommandText = strSql 
     cmdOLEDB.Connection = cnnOLEDB 
     cnnOLEDB.Open() 
     cmdOLEDB.ExecuteNonQuery() 
     cmdOLEDB.Dispose() 

    Catch ex As OleDbException 

     Dim errorMsg As String = "Error in Deletion" 
     errorMsg += ex.Message 
     Throw New Exception(errorMsg) 

    Finally 
     cnnOLEDB.Close() 
    End Try 

End Sub 

-Default.aspx-

<asp:GridView ID="GridView1" runat="server" AllowPaging="True" 
     DataSourceID="SqlDataSource1" AutoGenerateColumns="False" DataKeyNames="ID"> 
     <Columns> 
     <asp:TemplateField HeaderText="Select"> 
<ItemTemplate> 

<asp:CheckBox ID="chkSelect" runat="server" /> 
</ItemTemplate> 
</asp:TemplateField> 
<asp:BoundField DataField="ID" HeaderText="ID" SortExpression="ID"/> 

<asp:TemplateField HeaderText="Name" 
        SortExpression="Name"> 
<ItemTemplate> 
<asp:TextBox ID="txtName" runat="server" 
      Text='<%# Bind("Name") %>' ReadOnly="true" 
      BorderStyle="none" 
      BorderWidth="0px" > 
</asp:TextBox> 
</ItemTemplate> 
</asp:TemplateField> 

<asp:TemplateField HeaderText="Location" 
        SortExpression="Location"> 
<ItemTemplate> 
<asp:TextBox ID="txtLocation" runat="server" 
      Text='<%# Bind("Location") %>' 
      ReadOnly="true" 
      BorderStyle="none" BorderWidth="0px"> 
</asp:TextBox> 
</ItemTemplate> 
</asp:TemplateField> 
     </Columns> 
    </asp:GridView> 

    <asp:SqlDataSource ID="SqlDataSource1" runat="server" 
     ConnectionString="<%$ ConnectionStrings:LabSystemDBConnectionString %>" 
     ProviderName="<%$ ConnectionStrings:LabSystemDBConnectionString.ProviderName %>" 
     SelectCommand="SELECT * FROM [Details]" 
     DeleteCommand = "DELETE FROM [Details] WHERE ID = [@ID]"> 

    <DeleteParameters> 
    <asp:Parameter Name="ID" /> 
    </DeleteParameters></asp:SqlDataSource> 


    <asp:Button ID="btnDelete" runat="server" OnClick="btnDelete_Click" OnClientClick="return DeleteConfirmation();" Text="Delete" /> 
    &nbsp;<br /> 

Answer 1

你应该改变这些线路的工作：

For Each id As String In idCollection 

    IDs += "'" + id.ToString() & "'," 
Next 

Try 

    Dim strIDs As String = IDs.Substring(0, IDs.LastIndexOf("")) 
    Dim strSql As String = ("Delete from Details WHERE ID IN (" & strIDs & ")") 

但是：这个代码是容易SQL INJECTION，您必须使用SQL参数在2012年

Answer 2

请

Dim strSql As String = ("Delete from Details WHERE ID IN (" & strIDs & ")") 

设置一个断点，然后运行应用程序，并添加手表STRSQL，当断点被击中，按F11，然后你可以看到strSql的内容，复制该sql语句并在你的Access数据库中运行查询，看看它是否工作。

PS：尝试添加[]以表名，删除[详情]