0

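I'm having some problems deleting records. I'm using VB.NET with an Access database. When I try to run this program there are no errors, but the records are not deleted from the database. There is a class that deletes the records, and this class calls another method, DeleteMultipleRecords. Here is my code; I hope someone can help me solve this problem.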

-Default.aspx.vb-

Protected Sub btnDelete_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnDelete.Click
    'create string collection to store IDs of records to be deleted
    Dim idCollection As New StringCollection()
    Dim strID As String = String.Empty
    'Loop through GridView rows to find checked rows 
    For i As Integer = 0 To i < GridView1.Rows.Count - 1
        Dim chkDelete As CheckBox = DirectCast(GridView1.Rows(i).Cells(0).FindControl("chkSelect"), CheckBox)
        If chkDelete IsNot Nothing Then
            If chkDelete.Checked Then

                strID = GridView1.Rows(i).Cells(1).Text
                idCollection.Add(strID)

            End If
        End If
    Next

    'called method to delete record
    DeleteMultipleRecords(idCollection)

    'rebind(GridView)
    GridView1.DataBind()
End Sub
Private Sub DeleteMultipleRecords(ByVal idCollection As StringCollection)
    'create connection
    Dim cnnOLEDB As New OleDbConnection(strConnection)
    Dim IDs As String = ""

    'create string builder to store 
    'delete commands separated by ;

    For Each id As String In idCollection

        IDs += id.ToString() & ","
    Next

    Try

        Dim strIDs As String = IDs.Substring(0, IDs.LastIndexOf(""))
        Dim strSql As String = ("Delete from Details WHERE ID = '" & strIDs & "' ")

        cmdOLEDB.CommandType = CommandType.Text
        cmdOLEDB.CommandText = strSql
        cmdOLEDB.Connection = cnnOLEDB
        cnnOLEDB.Open()
        cmdOLEDB.ExecuteNonQuery()
        cmdOLEDB.Dispose()

    Catch ex As OleDbException

        Dim errorMsg As String = "Error in Deletion"
        errorMsg += ex.Message
        Throw New Exception(errorMsg)

    Finally
        cnnOLEDB.Close()
    End Try

End Sub

-Default.aspx-

<asp:GridView ID="GridView1" runat="server" AllowPaging="True" 
        DataSourceID="SqlDataSource1" AutoGenerateColumns="False" DataKeyNames="ID">
        <Columns>
        <asp:TemplateField HeaderText="Select">
<ItemTemplate>

<asp:CheckBox ID="chkSelect" runat="server" />
</ItemTemplate>
 </asp:TemplateField>
<asp:BoundField DataField="ID" HeaderText="ID" SortExpression="ID"/>

<asp:TemplateField HeaderText="Name" 
                   SortExpression="Name">
<ItemTemplate>
<asp:TextBox ID="txtName" runat="server" 
             Text='<%# Bind("Name") %>'  ReadOnly="true" 
             BorderStyle="none" 
             BorderWidth="0px" >
</asp:TextBox>
</ItemTemplate>
</asp:TemplateField>

<asp:TemplateField HeaderText="Location" 
                   SortExpression="Location">
<ItemTemplate>
<asp:TextBox ID="txtLocation" runat="server" 
             Text='<%# Bind("Location") %>' 
             ReadOnly="true" 
             BorderStyle="none" BorderWidth="0px">
</asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
        </Columns>
    </asp:GridView>

    <asp:SqlDataSource ID="SqlDataSource1" runat="server" 
        ConnectionString="<%$ ConnectionStrings:LabSystemDBConnectionString %>" 
        ProviderName="<%$ ConnectionStrings:LabSystemDBConnectionString.ProviderName %>" 
        SelectCommand="SELECT * FROM [Details]"
        DeleteCommand = "DELETE FROM [Details] WHERE ID = [@ID]">

    <DeleteParameters>
    <asp:Parameter Name="ID" />
    </DeleteParameters></asp:SqlDataSource>


    <asp:Button ID="btnDelete" runat="server" OnClick="btnDelete_Click" OnClientClick="return DeleteConfirmation();"  Text="Delete" />
    &nbsp;<br />

2 Answers

0

You should change these lines to make it work:

For Each id As String In idCollection

    IDs += "'" + id.ToString() & "',"
Next

Try

    Dim strIDs As String = IDs.Substring(0, IDs.LastIndexOf(""))
    Dim strSql As String = ("Delete from Details WHERE ID IN (" & strIDs & ")")

BUT: this code is prone to SQL INJECTION; in 2012 you must use SQL parameters.

answered 2012-07-03T06:32:25.393
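
The "SQL parameters" approach named in the answer above, as an added example (not code from the question or from either answer): the DELETE text contains one positional `?` per ID and the values are bound as OleDb parameters, so no user-supplied text reaches the SQL string. The module name, function name and `connectionString` argument are hypothetical, and the code assumes the `ID` column of `Details` is numeric.

```vbnet
Imports System.Collections.Generic
Imports System.Collections.Specialized
Imports System.Data.OleDb
Imports System.Linq

' Added example; DetailsRepository and DeleteDetails are hypothetical names.
Public Module DetailsRepository

    ' Deletes the given IDs with a single parameterized statement and
    ' returns the number of rows removed, so "nothing deleted" is visible.
    Public Function DeleteDetails(ByVal connectionString As String,
                                  ByVal idCollection As StringCollection) As Integer
        ' Allow-list the input: only integers are accepted (assumes a numeric ID column).
        Dim ids As New List(Of Integer)()
        For Each raw As String In idCollection
            Dim parsed As Integer
            If Not Integer.TryParse(raw, parsed) Then
                Throw New ArgumentException("ID is not numeric.")
            End If
            ids.Add(parsed)
        Next

        ' Nothing selected: do not send an empty IN () list to the database.
        If ids.Count = 0 Then Return 0

        ' One "?" per value; the SQL text is built from placeholders only.
        Dim placeholders As String = String.Join(",", Enumerable.Repeat("?", ids.Count).ToArray())
        Dim sql As String = "DELETE FROM [Details] WHERE [ID] IN (" & placeholders & ")"

        Using cnn As New OleDbConnection(connectionString)
            Using cmd As New OleDbCommand(sql, cnn)
                ' OleDb binds parameters by position; the names are labels only.
                For i As Integer = 0 To ids.Count - 1
                    cmd.Parameters.Add("@p" & i.ToString(), OleDbType.Integer).Value = ids(i)
                Next
                cnn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

End Module
```

For a text key, drop the `Integer.TryParse` step and bind each value with `OleDbType.VarWChar` instead; the placeholder construction stays the same.
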
0

Please set a breakpoint at

Dim strSql As String = ("Delete from Details WHERE ID IN (" & strIDs & ")")

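Then run your application and add a watch on strSql. When the breakpoint is hit, press F11, and you can see the contents of strSql. Copy that SQL statement and run it as a query in your Access database to see whether it works.

PS: try putting [] around the table name: DELETE FROM [Details]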

answered 2012-07-03T08:13:14.423