使用變量將數據從MS Access數據庫提取到DataGridView

Question

我正在設計一個C＃應用程序，它從現有的MS Access數據庫中提取資產信息。

string conn = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=O:\IT\IT Hardware\HWInv.accdb"; 
      string dbcmd = "SELECT tblInvCategory.Category, tblInvManufacturer.Manufacturer, tblInvModel.Model, tblInvMaster.SerialNumber, tblInvMaster.InvNumber, tblInvMaster.InvNumberExternal, tblInvCompany.CompanyName, tblInvCustomer.CustomerName, tblInvLocation.Location, tblInvMaster.OfficeNumber, tblInvTechs.TechName, tblInvMaster.TechDate, tblInvMaster.UpdatedBy, tblInvMaster.UpdatedDate, tblInvMaster.DeployDate, tblInvMaster.RetirePlanned, tblInvMaster.Status, tblInvMaster.PONumber, tblInvMaster.Notes, tblInvMaster.Audited FROM tblInvTechs INNER JOIN (tblInvModel INNER JOIN (tblInvManufacturer INNER JOIN (tblInvLocation INNER JOIN (tblInvCustomer INNER JOIN (tblInvCompany INNER JOIN (tblInvCategory INNER JOIN tblInvMaster ON tblInvCategory.CategoryID = tblInvMaster.CategoryID) ON tblInvCompany.CompanyID = tblInvMaster.CompanyID) ON tblInvCustomer.CustomerID = tblInvMaster.CustomerID) ON tblInvLocation.LocationID = tblInvMaster.LocationID) ON tblInvManufacturer.ManufacturerID = tblInvMaster.ManufacturerID) ON tblInvModel.ModelID = tblInvMaster.ModelID) ON tblInvTechs.TechID = tblInvMaster.TechID WHERE (((tblInvCustomer.CustomerName)="+ CustomerName + "))"; 

      OleDbConnection con = new OleDbConnection(conn); 
      OleDbCommand cmd = new OleDbCommand(dbcmd, con); 
      OleDbDataAdapter da = new OleDbDataAdapter(cmd); 
      DataTable CustAssets = new DataTable(); 
      da.Fill(CustAssets); 
      dataGridView1.DataSource = CustAssets; 

我在本地的MS Access這裏表的MS Access現有查詢：

SELECT tblInvCategory.Category, tblInvManufacturer.Manufacturer, tblInvModel.Model, tblInvMaster.SerialNumber, tblInvMaster.InvNumber, tblInvMaster.InvNumberExternal, tblInvCompany.CompanyName, tblInvCustomer.CustomerName, tblInvLocation.Location, tblInvMaster.OfficeNumber, tblInvTechs.TechName, tblInvMaster.TechDate, tblInvMaster.UpdatedBy, tblInvMaster.UpdatedDate, tblInvMaster.DeployDate, tblInvMaster.RetirePlanned, tblInvMaster.Status, tblInvMaster.PONumber, tblInvMaster.Notes, tblInvMaster.Audited 

FROM tblInvTechs INNER JOIN (tblInvModel INNER JOIN (tblInvManufacturer INNER JOIN (tblInvLocation INNER JOIN (tblInvCustomer INNER JOIN (tblInvCompany INNER JOIN (tblInvCategory INNER JOIN tblInvMaster ON tblInvCategory.CategoryID = tblInvMaster.CategoryID) ON tblInvCompany.CompanyID = tblInvMaster.CompanyID) ON tblInvCustomer.CustomerID = tblInvMaster.CustomerID) ON tblInvLocation.LocationID = tblInvMaster.LocationID) ON tblInvManufacturer.ManufacturerID = tblInvMaster.ManufacturerID) ON tblInvModel.ModelID = tblInvMaster.ModelID) ON tblInvTechs.TechID = tblInvMaster.TechID 

WHERE (((tblInvCustomer.CustomerName)=[Forms]![frmInvSelectCustomerName]![CustomerName])); 

如上插入時的SQL命令失敗。 Varible Customer Name用於從Access數據庫中爲那個用戶提取這些記錄，但在編譯和運行時失敗。

調用堆棧輸出是這樣的文本展示臺：在查詢表達式（（（tblInvCustomer.CustomerName）=喬·史密斯））'

語法錯誤（缺少運營商）。

看來我的問題是在WHERE語句中。

任何幫助，非常感謝。

謝謝，

Answer 1

如果您使用參數化查詢，您可以避免這類問題。
出現此錯誤的原因是，如果CustomerName字段是字符串，則條件中使用的每個值都應該用單引號引起來。
但是，手動設置引號對於可能的Sql注入很危險，並且如果用作值的字符串包含自己的單引號，則可能會導致其他語法錯誤。
使用參數化查詢避免這一切

string dbcmd = "SELECT ...... " & _ 
       "WHERE (((tblInvCustomer.CustomerName)=?))"; 

然後

using(OleDbConnection con = new OleDbConnection(conn)) 
using(OleDbCommand cmd = new OleDbCommand(dbcmd, con)) 
using(OleDbDataAdapter da = new OleDbDataAdapter(cmd)) 
{ 
    cmd.Parameters.AddWithValue("@p1", CustomerName); 
    DataTable CustAssets = new DataTable(); 
    da.Fill(CustAssets); 
    dataGridView1.DataSource = CustAssets; 
} 

Answer 2

這裏是通往一個問題有點類似你這樣的帖子的鏈接。你可能想先檢查了這一點：

http://social.msdn.microsoft.com/Forums/en-US/8ee73442-f28b-49ab-a4d9-8b550f841aa4/binding-ms-access-db-to-a-datagrid-view-in-c-windows-forms?forum=winformsdatacontrols