1
一個錯誤值出現時,我想在C#應用程序,它是執行我的SQL語句:沒有爲一個或多個必需的參數給出C#
沒有爲一個或多個必需的參數給定值。
我正在使用MS訪問數據庫的C#。 這是我的代碼:
string string2 = "";
if (radButton2 != null)
{
string2 = " and signaal1.info='" + radButton2.Text + "' ";
}
else
string2 = " and signaal1.info='0' ";
if (radButton3 != null)
{
string2 += " and situation.info='" + radButton3.Text + "' ";
}
OleDbCommand cmd = new OleDbCommand("SELECT actionz.info, relationz.id AS actionz FROM ((((relationz LEFT OUTER JOIN conditions ON relationz.conditions_id = conditions.id) LEFT OUTER JOIN situation ON relationz.situation_id = situation.id) LEFT OUTER JOIN car_type ON relationz.car_id = car_type.id) LEFT OUTER JOIN actionz ON relationz.action_id = actionz.id) LEFT OUTER JOIN signal AS signaal1 ON relationz.signal_id = signaal1.id where car_type.info='" + radButton1.Text + "' " + string2 + " ORDER BY conditions.id ASC", objConn);
//cmd.Parameters.AddWithValue("@car_type", radButton1.Text);
OleDbDataReader dataReader = cmd.ExecuteReader();
當你添加字符串值時,你的'cmd'看起來像什麼?就在'OleDbDataReader dataReader = cmd.ExecuteReader();'行之前?調試您的代碼並告訴我們。你應該總是使用[參數化查詢](http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/)。這種字符串連接對於[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)攻擊是開放的。 –
你應該調試實際的查詢字符串,然後你可以看到你的查詢有什麼問題。 –
我把它作爲筆記!,我手動添加: car_type.info ='「+ radButton1.Text +」'「 –