使用GridView刪除記錄

Question

我在刪除記錄中存在一些問題。我使用VB.net和Access數據庫。當我嘗試運行這個程序時，沒有錯誤，但是記錄沒有在數據庫中刪除。有一個類刪除記錄，這個類將調用另一個稱爲DeleteMultipleRecords的方法。這裏是我的代碼，希望任何人都可以幫助我解決這個問題。

-Default.aspx.vb-

Protected Sub btnDelete_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnDelete.Click 
    'create string collection to store IDs of records to be deleted 
    Dim idCollection As New StringCollection() 
    Dim strID As String = String.Empty 
    'Loop through GridView rows to find checked rows 
    For i As Integer = 0 To i < GridView1.Rows.Count - 1 
     Dim chkDelete As CheckBox = DirectCast(GridView1.Rows(i).Cells(0).FindControl("chkSelect"), CheckBox) 
     If chkDelete IsNot Nothing Then 
      If chkDelete.Checked Then 

       strID = GridView1.Rows(i).Cells(1).Text 
       idCollection.Add(strID) 

      End If 
     End If 
    Next 

    'called method to delete record 
    DeleteMultipleRecords(idCollection) 

    'rebind(GridView) 
    GridView1.DataBind() 
End Sub 
Private Sub DeleteMultipleRecords(ByVal idCollection As StringCollection) 
    'create connection 
    Dim cnnOLEDB As New OleDbConnection(strConnection) 
    Dim IDs As String = "" 

    'create string builder to store 
    'delete commands seperated by ; 

    For Each id As String In idCollection 

     IDs += id.ToString() & "," 
    Next 

    Try 

     Dim strIDs As String = IDs.Substring(0, IDs.LastIndexOf("")) 
     Dim strSql As String = ("Delete from Details WHERE ID = '" & strIDs & "' ") 

     cmdOLEDB.CommandType = CommandType.Text 
     cmdOLEDB.CommandText = strSql 
     cmdOLEDB.Connection = cnnOLEDB 
     cnnOLEDB.Open() 
     cmdOLEDB.ExecuteNonQuery() 
     cmdOLEDB.Dispose() 

    Catch ex As OleDbException 

     Dim errorMsg As String = "Error in Deletion" 
     errorMsg += ex.Message 
     Throw New Exception(errorMsg) 

    Finally 
     cnnOLEDB.Close() 
    End Try 

End Sub 

-Default.aspx-

<asp:GridView ID="GridView1" runat="server" AllowPaging="True" 
     DataSourceID="SqlDataSource1" AutoGenerateColumns="False" DataKeyNames="ID"> 
     <Columns> 
     <asp:TemplateField HeaderText="Select"> 
<ItemTemplate> 

<asp:CheckBox ID="chkSelect" runat="server" /> 
</ItemTemplate> 
</asp:TemplateField> 
<asp:BoundField DataField="ID" HeaderText="ID" SortExpression="ID"/> 

<asp:TemplateField HeaderText="Name" 
        SortExpression="Name"> 
<ItemTemplate> 
<asp:TextBox ID="txtName" runat="server" 
      Text='<%# Bind("Name") %>' ReadOnly="true" 
      BorderStyle="none" 
      BorderWidth="0px" > 
</asp:TextBox> 
</ItemTemplate> 
</asp:TemplateField> 

<asp:TemplateField HeaderText="Location" 
        SortExpression="Location"> 
<ItemTemplate> 
<asp:TextBox ID="txtLocation" runat="server" 
      Text='<%# Bind("Location") %>' 
      ReadOnly="true" 
      BorderStyle="none" BorderWidth="0px"> 
</asp:TextBox> 
</ItemTemplate> 
</asp:TemplateField> 
     </Columns> 
    </asp:GridView> 

    <asp:SqlDataSource ID="SqlDataSource1" runat="server" 
     ConnectionString="<%$ ConnectionStrings:LabSystemDBConnectionString %>" 
     ProviderName="<%$ ConnectionStrings:LabSystemDBConnectionString.ProviderName %>" 
     SelectCommand="SELECT * FROM [Details]" 
     DeleteCommand = "DELETE FROM [Details] WHERE ID = [@ID]"> 

    <DeleteParameters> 
    <asp:Parameter Name="ID" /> 
    </DeleteParameters></asp:SqlDataSource> 


    <asp:Button ID="btnDelete" runat="server" OnClick="btnDelete_Click" OnClientClick="return DeleteConfirmation();" Text="Delete" /> 
    &nbsp;<br /> 

Answer 1

你應該改變這些線路的工作：

For Each id As String In idCollection 

    IDs += "'" + id.ToString() & "'," 
Next 

Try 

    Dim strIDs As String = IDs.Substring(0, IDs.LastIndexOf("")) 
    Dim strSql As String = ("Delete from Details WHERE ID IN (" & strIDs & ")") 

但是：這個代碼是容易SQL INJECTION，您必須使用SQL參數在2012年

Answer 2

請

Dim strSql As String = ("Delete from Details WHERE ID IN (" & strIDs & ")") 

設置一個斷點，然後運行應用程序，並添加手錶STRSQL，當斷點被擊中，按F11，然後你可以看到strSql的內容，複製該sql語句並在你的Access數據庫中運行查詢，看看它是否工作。

PS：嘗試添加[]以表名，刪除[詳情]