1. 首頁
  2. 問答
  3. oledbException是未處理的錯誤appering

oledbException是未處理的錯誤appering

2013-01-10 90 views
0

我試圖填充一個文本框,使用下面的代碼的名字及姓氏:oledbException是未處理的錯誤appering

using (OleDbConnection connName = new OleDbConnection(strCon)) 
      { 

       String sqlName = "SELECT forename, Surname FROM customer WHERE [customerID]=" + txtCustomerID.Text; 

       // Create a command to use to call the database. 
       OleDbCommand commandname = new OleDbCommand(sqlName, connName); 
       connName.Open(); 
       // Create a reader containing the results 


       using (OleDbDataReader readerName = commandname.ExecuteReader()) 
       { 
        readerName.Read(); // Advance to the first row. 
        txtName.Text = readerName[0].ToString(); 
       } 
       connName.Close();     

      }

不過,我發現了錯誤:OleDbException了未處理。

"no required values for one of more required parameters"

ExecuteReader我不知道如何去解決這個問題。

編輯:下面的代碼幾乎是完全相同的查詢中的信息欄,但這個例外是不會爲它。

string strCon = Properties.Settings.Default.PID2dbConnectionString; 

     using (OleDbConnection conn = new OleDbConnection(strCon)) 
     { 
      String sqlPoints = "SELECT points FROM customer WHERE [customerID]=" + txtCustomerID.Text; 
      conn.Open(); 

      // Create a command to use to call the database. 
      OleDbCommand command = new OleDbCommand(sqlPoints, conn); 
      // Create a reader containing the results 

      using (OleDbDataReader reader = command.ExecuteReader()) 
      { 
       reader.Read(); // Advance to the first row. 
       txtPoints.Text = reader[0].ToString(); // Read the contents of the first column 
      } 
      conn.Close(); 
     }

來源

2013-01-10 Bunion

+0

是txtCustomerID.text null? – Brian

+0

你調試了你的代碼嗎?哪條線給你這個錯誤? –

+0

@SonerGönül - 我相信OP說這是這一行:'使用(OleDbDataReader readerName = commandname.ExecuteReader())' – Brian

回答

1

通常的原因是空或空字符串即txtCustomerID.Text沒有價值,因此查詢發送到服務器:

SELECT forename, Surname FROM customer WHERE [customerID]=

你能避免這樣和SQL Injection錯誤,堅決使用鍵入參數並避免使用參數化查詢進行數據截斷(我假定客戶ID是int字段)

using (OleDbConnection connName = new OleDbConnection(strCon)) 
    { 
     String sqlName = "SELECT forename, Surname FROM customer WHERE customerID = @CustomerID"; 

     // Create a command to use to call the database. 
     using (OleDbCommand commandname = new OleDbCommand(sqlName, connName)) 
     { 

      //Check the input is valid 
      int customerID = 0; 
      if (!int.TryParse(txtCustomerID.Text, out customerID)) 
      { 
       txtName.Text = "Customer ID Text box is not an integer"; 
       return; 
      } 


      connName.Open(); 

      // Add the parameter to the command 
      commandname.Parameters.Add("@CustomerID", OleDbType.Integer).Value = customerID; 

      // Create a reader containing the results 
      using (OleDbDataReader readerName = commandname.ExecuteReader()) 
      { 
       readerName.Read(); // Advance to the first row. 
       txtName.Text = readerName[0].ToString(); 
      } 
      connName.Close();     
     } 
    }

來源

2013-01-10 18:19:32 GarethD

+0

這樣做的竅門謝謝! – Bunion

0

您必須對字符串查詢中使用的參數進行編碼。

String sqlName = String.Format("SELECT forname, Surname FROM customer WHERE customerID={0}",txtCustomerID.Text);

但我建議你不要在字符串中使用硬編碼的SQL查詢。它是SQL注入攻擊的簡單方法。您應該使用參數。

來源

2013-01-10 17:08:29 semao

+0

即時我仍然得到相同的錯誤,當我用我當前的sql替換這個, – Bunion

+1

你可以調試和發佈賦值後sqlName變量的值嗎? – semao

+0

調試完sqlname後是「空」,這是我拿的問題嗎?即時通訊非常新的一般C#和SQL。 – Bunion

相關問題

 相關問題