1
一个错误值出现时,我想在C#应用程序,它是执行我的SQL语句:没有为一个或多个必需的参数给出C#
没有为一个或多个必需的参数给定值。
我正在使用MS访问数据库的C#。 这是我的代码:
string string2 = "";
if (radButton2 != null)
{
string2 = " and signaal1.info='" + radButton2.Text + "' ";
}
else
string2 = " and signaal1.info='0' ";
if (radButton3 != null)
{
string2 += " and situation.info='" + radButton3.Text + "' ";
}
OleDbCommand cmd = new OleDbCommand("SELECT actionz.info, relationz.id AS actionz FROM ((((relationz LEFT OUTER JOIN conditions ON relationz.conditions_id = conditions.id) LEFT OUTER JOIN situation ON relationz.situation_id = situation.id) LEFT OUTER JOIN car_type ON relationz.car_id = car_type.id) LEFT OUTER JOIN actionz ON relationz.action_id = actionz.id) LEFT OUTER JOIN signal AS signaal1 ON relationz.signal_id = signaal1.id where car_type.info='" + radButton1.Text + "' " + string2 + " ORDER BY conditions.id ASC", objConn);
//cmd.Parameters.AddWithValue("@car_type", radButton1.Text);
OleDbDataReader dataReader = cmd.ExecuteReader();
当你添加字符串值时,你的'cmd'看起来像什么?就在'OleDbDataReader dataReader = cmd.ExecuteReader();'行之前?调试您的代码并告诉我们。你应该总是使用[参数化查询](http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/)。这种字符串连接对于[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)攻击是开放的。 –
你应该调试实际的查询字符串,然后你可以看到你的查询有什么问题。 –
我把它作为笔记!,我手动添加: car_type.info ='“+ radButton1.Text +”'“ –