2

我收到错误“查询表达式'用户名=用户'中的字符串语法错误我认为问题出在“me.Username.tag”但我卡住了。

conn = New OleDbConnection(Get_Constring)
        conn.Open()
        cmd.Connection = conn
        cmd.CommandType = CommandType.Text
        cmd.CommandText = "select Username, fname,  lname, mname, [password], [level], Question, answer from Instructor where Username= '" & Me.txtusername.Tag

        dr = cmd.ExecuteReader
        If dr.HasRows Then
            While dr.Read
                Me.txtusername.Tag = dr("Username")
                Me.txtfname.Text = IIf(Not IsDBNull(dr("fname")), dr("fname"), "")
                Me.txtlname.Text = IIf(Not IsDBNull(dr("lname")), dr("lname"), "")
                Me.txtinitial.Text = IIf(Not IsDBNull(dr("mname")), dr("mname"), "")
                Me.txtpassword.Text = IIf(Not IsDBNull(dr("password")), dr("password"), "")
                Me.lbllevel.Text = IIf(Not IsDBNull(dr("level")), dr("level"), "")
                Me.txtusername.Text = IIf(Not IsDBNull(dr("Username")), dr("Username"), "")
                Me.cmbquestion.Text = IIf(Not IsDBNull(dr("Question")), dr("Question"), "")
                Me.txtanswer.Text = IIf(Not IsDBNull(dr("answer")), dr("answer"), "")
            End While
        End If
4

3 回答 3

3

您没有在查询中关闭引号:

where Username= '" & Me.txtusername.Tag

应该:

where Username= '" & Me.txtusername.Tag & "'"

重要提示:您的代码可能容易受到 SQL 注入攻击。请使用参数化查询。像这样的东西:

cmd.CommandText = "select Username, fname,  lname, mname, [password], [level], Question, answer from Instructor where Username= @username"
Dim parameter As New SqlParameter()
parameter.ParameterName = "@username"
parameter.SqlDbType = SqlDbType.NVarChar
parameter.Value = Me.txtusername.Tag
cmd.Parameters.Add(parameter);
于 2013-09-25T14:00:52.323 回答
2

我认为问题是你没有关闭单引号。

试试这个:

cmd.CommandText = "select Username, fname,  lname, mname, [password], [level], Question, answer from Instructor where Username= '" & Me.txtusername.Tag & "'"
于 2013-09-25T13:58:52.450 回答
1

您还没有关闭在查询结束时打开的单引号

于 2013-09-25T14:00:08.803 回答