gpt4 book ai didi

vb.net - 查询表达式中的字符串存在语法错误

转载 作者:行者123 更新时间:2023-12-02 07:06:37 25 4
gpt4 key购买 nike

我收到错误,其中“查询表达式'Username = user'中的字符串存在语法错误,我认为问题出在“me.Username.tag”中,但我卡住了。

conn = New OleDbConnection(Get_Constring)
conn.Open()
cmd.Connection = conn
cmd.CommandType = CommandType.Text
cmd.CommandText = "select Username, fname, lname, mname, [password], [level], Question, answer from Instructor where Username= '" & Me.txtusername.Tag

dr = cmd.ExecuteReader
If dr.HasRows Then
While dr.Read
Me.txtusername.Tag = dr("Username")
Me.txtfname.Text = IIf(Not IsDBNull(dr("fname")), dr("fname"), "")
Me.txtlname.Text = IIf(Not IsDBNull(dr("lname")), dr("lname"), "")
Me.txtinitial.Text = IIf(Not IsDBNull(dr("mname")), dr("mname"), "")
Me.txtpassword.Text = IIf(Not IsDBNull(dr("password")), dr("password"), "")
Me.lbllevel.Text = IIf(Not IsDBNull(dr("level")), dr("level"), "")
Me.txtusername.Text = IIf(Not IsDBNull(dr("Username")), dr("Username"), "")
Me.cmbquestion.Text = IIf(Not IsDBNull(dr("Question")), dr("Question"), "")
Me.txtanswer.Text = IIf(Not IsDBNull(dr("answer")), dr("answer"), "")
End While
End If

最佳答案

您没有关闭查询中的报价:

where Username= '" & Me.txtusername.Tag

应该是:

where Username= '" & Me.txtusername.Tag & "'"

重要:您的代码可能容易受到 SQL 注入(inject)攻击。请使用parameterized queries 。像这样的事情:

cmd.CommandText = "select Username, fname,  lname, mname, [password], [level], Question, answer from Instructor where Username= @username"
Dim parameter As New SqlParameter()
parameter.ParameterName = "@username"
parameter.SqlDbType = SqlDbType.NVarChar
parameter.Value = Me.txtusername.Tag
cmd.Parameters.Add(parameter);

关于vb.net - 查询表达式中的字符串存在语法错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/19006965/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com