
I am trying to use this code to display on a grid the information searched for according to a previously marked field

SQL = "SELECT * FROM funcionario WHERE setor ='" + TxtPesq.Text + "'"
myCommand.Connection = conn
myCommand.CommandText = SQL
myAdapter.SelectCommand = myCommand
myAdapter.Fill(myData)
DataGridView1.DataSource = myData

1 Answer

  • Use the Using statement to dispose of objects properly.
  • Parameterize your query to avoid SQL injection.

Full code

' Requires: Imports MySql.Data.MySqlClient
Dim dSet As New DataSet
' The value is referenced by a placeholder, not concatenated into the SQL text
Dim SQL As String = "SELECT * FROM funcionario WHERE setor = @setor"
Using conn As New MySqlConnection("connectionStr HERE")
    Using myCommand As New MySqlCommand()
        With myCommand
            .Connection = conn
            .CommandText = SQL
            .CommandType = CommandType.Text
            ' The text box content is sent as data bound to @setor
            .Parameters.AddWithValue("@setor", TxtPesq.Text)
        End With
        Using myAdapter As New MySqlDataAdapter(myCommand)
            Try
                ' Fill opens and closes the connection itself when it is not already open
                myAdapter.Fill(dSet)
                DataGridView1.DataSource = dSet.Tables(0)
            Catch ex As MySqlException
                MsgBox(ex.Message)
            End Try
        End Using
    End Using
End Using
answered 2012-10-25T04:46:42.253
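The difference between the question's concatenated query and the answer's parameterized one, as an added example that is not part of the original post. It assumes Python's built-in sqlite3 standing in for MySQL, a constructed `funcionario` table with constructed rows, and hypothetical function names.

```python
import sqlite3

def make_db():
    """Build an in-memory table shaped like the question's `funcionario` (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE funcionario (nome TEXT, setor TEXT)")
    conn.executemany(
        "INSERT INTO funcionario VALUES (?, ?)",
        [("Ana", "RH"), ("Bruno", "TI"), ("Carla", "Caixa d'Agua")],
    )
    return conn

def search_concat(conn, setor):
    """The question's pattern: the text-box value is pasted into the SQL text."""
    sql = "SELECT nome FROM funcionario WHERE setor ='" + setor + "'"
    return [r[0] for r in conn.execute(sql)]

def search_bound(conn, setor):
    """The answer's pattern: the value travels as a parameter, never as SQL text."""
    sql = "SELECT nome FROM funcionario WHERE setor = :setor"
    return [r[0] for r in conn.execute(sql, {"setor": setor})]

def compare(conn, setor):
    """Run both forms on the same input and report rows or the parser error."""
    try:
        concat = search_concat(conn, setor)
    except sqlite3.Error as exc:
        concat = "error: " + type(exc).__name__
    return {"concat": concat, "bound": search_bound(conn, setor)}

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain value, a legitimate value containing an
    # apostrophe, and a value whose quote changes the WHERE clause.
    for value in ["TI", "Caixa d'Agua", "x' OR '1'='1"]:
        print(repr(value), compare(db, value))
```

With concatenation, a legitimate department name containing an apostrophe fails to parse and a quote-bearing value changes which rows come back; with binding, both are compared as literal strings.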