Dim elem As String
elem = "Grade School"
Dim v As Integer
v = 0
Dim con As New SqlConnection("SERVER=ANINGDZTS-PC;DATABASE=AEVS;Trusted_Connection = yes;")
Dim cmd As SqlCommand = New SqlCommand("SELECT * FROM tbl_Voter WHERE Department, VotersID  = '" & elem & "''" & txt_PwordElem.Text & "'AND Voted ='" & v & "'", con)

con.Open()
Dim sdr As SqlDataReader = cmd.ExecuteReader()

Try
    If (sdr.Read() = False) Then
        high()
    Else
        MessageBox.Show("WELCOME!")
        elemBallot.Show()
        Me.Hide()
    End If
Catch EX As Exception
    MsgBox(EX.Message)
End Try

End Sub

This code does not work; it fails with the error "An expression of non-boolean type specified in a context where a condition is expected, near ','."


1 Answer


Rather than building the SQL query through error-prone string concatenation, the better approach is a parameterized query. Change your SqlCommand declaration to

Dim cmd As SqlCommand = New SqlCommand("SELECT * FROM tbl_Voter WHERE Department = @Department AND VotersID = @VotersID AND Voted = @Voted", con)

cmd.Parameters.AddWithValue("@Department", elem)
cmd.Parameters.AddWithValue("@VotersID", txt_PwordElem.Text)
cmd.Parameters.AddWithValue("@Voted", v)

Bonus: this avoids SQL injection.

PS: Please do not forget to close your reader and connection after use.

PPS: If all you need is to determine whether a particular row exists in the table "tbl_Voter" for your parameters (which, judging by what your code does, is the case), a DataReader is overkill. Consider a query like SELECT 1 FROM tbl_Voter ... and use ExecuteScalar, checking the return value for Nothing.

answered 2013-09-03T02:40:38.950
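The two points the answer makes (placeholders instead of concatenation, and a scalar existence check instead of reading rows with a DataReader) as an added runnable example; it is not code from either post. It uses Python's sqlite3 module with `?` placeholders in place of VB.NET's SqlClient and `@name` parameters so that it runs offline; the table layout follows the question's column names and the voter rows are constructed for the example. It also shows the failure mode that the concatenated query has with ordinary data: an ID containing an apostrophe turns into a syntax error, while the parameterized query treats it as a plain value.

```python
import sqlite3
from contextlib import closing

# Constructed rows standing in for tbl_Voter; the column names follow the question,
# the values are made up for this example.
SAMPLE_VOTERS = [
    ("Grade School", "GS-1001", 0),   # eligible, has not voted yet
    ("Grade School", "GS-1002", 1),   # already voted
    ("High School",  "HS-2001", 0),   # wrong department for the elementary ballot
    ("Grade School", "O'Neil",  0),   # an ID containing a quote character
]


def open_sample_db():
    """Create an in-memory database holding the sample table (the inserts are parameterized too)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE tbl_Voter (Department TEXT, VotersID TEXT, Voted INTEGER)")
    con.executemany("INSERT INTO tbl_Voter VALUES (?, ?, ?)", SAMPLE_VOTERS)
    return con


def voter_exists_concat(con, department, voters_id, voted=0):
    """The error-prone pattern from the question: the query text is built by concatenation.

    Any quote character in the input becomes part of the SQL syntax instead of the value.
    """
    sql = ("SELECT 1 FROM tbl_Voter WHERE Department = '" + department
           + "' AND VotersID = '" + voters_id
           + "' AND Voted = '" + str(voted) + "'")
    return con.execute(sql).fetchone() is not None


def voter_exists_param(con, department, voters_id, voted=0):
    """The pattern from the answer: placeholders in the SQL, values passed separately.

    SELECT 1 plus fetchone() is the sqlite3 counterpart of ExecuteScalar with a Nothing
    check: we only want to know whether a matching row exists, not read its columns.
    """
    sql = "SELECT 1 FROM tbl_Voter WHERE Department = ? AND VotersID = ? AND Voted = ?"
    return con.execute(sql, (department, voters_id, voted)).fetchone() is not None


def concat_query_breaks(con, department, voters_id):
    """Return True if the concatenated query raises a SQL syntax error for this input."""
    try:
        voter_exists_concat(con, department, voters_id)
    except sqlite3.OperationalError:
        return True
    return False


def main():
    # closing() guarantees the connection is closed when the block exits (the answer's PS).
    with closing(open_sample_db()) as con:
        for dept, vid in [("Grade School", "GS-1001"), ("Grade School", "GS-1002"),
                          ("High School", "HS-2001"), ("Grade School", "O'Neil")]:
            print(f"{vid!r:12} parameterized -> {voter_exists_param(con, dept, vid)}, "
                  f"concatenated breaks -> {concat_query_breaks(con, dept, vid)}")


if __name__ == "__main__":
    main()
```

The concatenated version happens to work for IDs made only of letters, digits and dashes, which is why this kind of bug survives testing; the parameterized version returns the same results for those IDs and keeps working when the data contains SQL metacharacters, because the database never parses the values as SQL.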