0

查询表达式“Prod_Num =”中出现此语法错误(缺少运算符)。当我尝试在数据库中搜索项目时总是出现。请帮我。

导入系统导入 System.Data 导入 System.Data.OleDb

公开课形式1

Dim con As New OleDb.OleDbConnection
Dim cmd As OleDbCommand
Dim da As OleDb.OleDbDataAdapter
Dim ds As New DataSet
Dim dt As New DataTable
Dim sql As String
Dim dbp As String
Dim dbs As String

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    dbp = "Provider = Microsoft.ACE.OLEDB.12.0;"
    dbs = "Data Source=" & Application.StartupPath & "/POS.accdb"
    con.ConnectionString = dbp & dbs
    con.ConnectionString = dbp & dbs
    con.Open()
    sql = "SELECT * FROM tblInventory"
    da = New OleDb.OleDbDataAdapter(sql, con)
    da.Fill(dt)
    dgList.DataSource = dt
    txtPNum.Focus()
End Sub

Private Sub btnSearch_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSearch.Click
    dt.Clear()
    txtPNum.Text = ""
    sql = "SELECT * FROM tblInventory WHERE Prod_Num =" & txtPNum.Text
    da = New OleDb.OleDbDataAdapter(sql, con)
    da.Fill(dt)
    dgList.DataSource = dt
    txtPName = dt.Rows(0).Item(1)
    txtNOrder = dt.Rows(0).Item(2)
    txtPRem = dt.Rows(0).Item(3)
    txtPrice = dt.Rows(0).Item(4)
    txtPNum.Focus()
End Sub
4

3 回答 3

1

我的猜测是你在这里有问题:

Private Sub btnSearch_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSearch.Click
    dt.Clear()
    txtPNum.Text = ""   ' <-----------------
    sql = "SELECT * FROM tblInventory WHERE Prod_Num =" & txtPNum.Text
    da = New OleDb.OleDbDataAdapter(sql, con)
    da.Fill(dt)
    dgList.DataSource = dt
    txtPName = dt.Rows(0).Item(1)
    txtNOrder = dt.Rows(0).Item(2)
    txtPRem = dt.Rows(0).Item(3)
    txtPrice = dt.Rows(0).Item(4)
    txtPNum.Focus()
End Sub

删除这一行:

txtPNum.Text = ""

txtPNum因为您总是在将文本框的文本传递给查询之前清除它。

笔记:

不要忘记通过参数化查询来实现它。这不是一个好方法。

请参阅参数化查询示例:

示例 1

示例 2

希望能帮助到你!

于 2013-08-15T05:13:59.650 回答
0

txtPNum.Text 是否包含任何数据?

您为什么不尝试检查一下,因为如果它为空,您正在运行的 SQL 语句是“SELECT * FROM tblInventory WHERE Prod_Num =”,这会引发该错误。

此外,如果 Prod_Num 列是整数,那么如果该值是字符串,也许您应该使用 int(txtPNum.Text),这也可以防止 SQL 注入。

于 2013-08-15T04:34:13.720 回答
0

除了txtPNum.Text其他人指出的问题外,我还推荐其他几件事:

  1. 使用参数化查询来避免 SQL 注入。
  2. 在连接中使用Using块,并在完成后立即关闭连接。例如,在您的 Form_Load 中,您打开连接并使其保持打开状态。这不是好的做法。

例子:

Imports System 
Imports System.Data 
Imports System.Data.OleDb

Public Class Form1

    Dim con As OleDbConnection
    Dim cmd As OleDbCommand
    Dim da As OleDbDataAdapter
    Dim ds As New DataSet
    Dim dt As New DataTable
    Dim dbp As String
    Dim dbs As String

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

        dbp = "Provider = Microsoft.ACE.OLEDB.12.0;"
        dbs = "Data Source=" & Application.StartupPath & "/POS.accdb"

        Using con As OleDbConnection = New OleDbConnection(dbp & dbs)

            con.Open()

            da = New OleDbDataAdapter("SELECT * FROM tblInventory", con)
            da.Fill(dt)

            dgList.DataSource = dt
        End Using

        txtPNum.Focus()
    End Sub

    Private Sub btnSearch_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSearch.Click

        dt.Clear()

        Using con As OleDbConnection = New OleDbConnection(dbp & dbs)

            con.Open()

            da = New OleDbDataAdapter("SELECT * FROM tblInventory WHERE Prod_Num = @ProdNum", con)
            da.SelectCommand.Parameters.AddWithValue("@ProdNum", txtPNum.Text)
            da.Fill(dt)

            dgList.DataSource = dt         
        End Using

        txtPName = dt.Rows(0).Item(1)
        txtNOrder = dt.Rows(0).Item(2)
        txtPRem = dt.Rows(0).Item(3)
        txtPrice = dt.Rows(0).Item(4)
        txtPNum.Focus()
    End Sub

我还建议添加一些 Try Catch 块来处理错误,如果您分配给文本框的值不是字符串,则可能需要转换它们。

于 2013-08-15T05:45:20.057 回答