1
我正在执行以下步骤以从Access数据库运行查询。将参数添加到OleDBConnection
Dim search As String = txtUnitCode.Text
Dim sText As String = String.Empty
Dim aClients As String = My.Settings.ClientDB
Dim sConnString As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data source=" & aClients & ""
Using cn As New OleDb.OleDbConnection(sConnString)
cn.Open()
If txtUnitCode.Text = "" Then Exit Sub
Dim cmd As New OleDb.OleDbCommand("SELECT Name FROM Units WHERE (Code = " & search & ") ", cn)
Dim r As OleDb.OleDbDataReader = cmd.ExecuteReader()
If Not r.HasRows Then Exit Sub
Do While r.Read()
sText = sText & r.GetString(0)
Loop
End Using
txtUnitName.Text = sText
当我运行在VS代码分析表明一个漏洞在这一行
Dim cmd As New OleDb.OleDbCommand("SELECT Name FROM Units WHERE (Code = " & search & ") ", cn)
,基本上我认为它表明代码的search
部分最好应有Parameter
。我有这些使用OleDbDataAdapter
另一个代码的工作,但不能用OleDbConnection
捉摸它的任何指针
感谢
非常感谢,非常感谢 – elmonko