这里是法典。
string search = textBox1.Text;
int s = Convert.ToInt32(search);
string conn="Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\Data.accdb";
string query="SELECT playerBatStyle FROM Player where playerID= " + s + ";
OleDbDataAdapter dAdapter=new OleDbDataAdapter (query ,conn );
OleDbCommandBuilder cBuilder=new OleDbCommandBuilder (dAdapter );
DataTable dTable=new DataTable ();
dAdapter .Fill (dTable );
dataGridView1.DataSource = dTable;
你在哪一条款中一字不提。 相反:
string query = String.Format("SELECT playerBatStyle FROM Player where playerID={0}", s);
正如其他人提到的那样,在询问中不需要这种报价,你确实需要数据集成线。
而且,如果你再说的话,在试图将其转换为愤怒之前,你要检查一下案文箱中实际上存在的价值。 由于数据Adapter正在作为选择性商业财产内部处理指挥,你不需要OlegDbCommandBuilder。 明确考虑使用参数分辨率,这将减少jection射的脆弱性。
我的建议如下:
if (textBox1.Text != "")
{
string search = textBox1.Text;
int s = Convert.ToInt32(search);
string conn = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Local Docs\Temp\Data.accdb";
string query = "SELECT playerBatStyle FROM Player where playerID=@playerID";
OleDbDataAdapter dAdapter = new OleDbDataAdapter(query, conn);
dAdapter.SelectCommand.Parameters.AddWithValue("@playerID", s);
DataTable dTable = new DataTable();
dAdapter.Fill(dTable);
dataGridView1.DataSource = dTable;
dataGridView1.DataBind();
}
你们所贴出的手法是 looks。 不过,有一些更正:
...
//fix lots of missing quotation marks
string query="SELECT playerBatStyle FROM Player where playerID= " + s + " ";
...
dataGridView1.DataBind(); //yes, we should call DataBind
string query = "SELECT playerBatStyle FROM Player where playerID=" + s + ";
归根结底,如果你想要在数据GridView中显示结果,你就必须做<条码>。
在脚注中,总是建议使用parametrized query,而不是将电离层中的数值混为一谈,这并非安全。
利用这一查询检索与用户搜索有关的数据
<代码> 三. 杀虫剂 “+s+” ;
see if this example can help you,
在这方面。
In my webpages I have references to js and images as such: "../../Content/Images/"Filename" In my code if I reference a file as above, it doesnt work so i have to write: "c:/miscfiles/"filename" 1-...
I m the only developer in my company, and am getting along well as an autodidact, but I know I m missing out on the education one gets from working with and having code reviewed by more senior devs. ...
Heres the problem, In Masterpage, the google analytics code were pasted before the end of body tag. In ASPX page, I need to generate a script (google addItem tracker) using codebehind ClientScript ...
I m looking for best practices here. Sorry. I know it s subjective, but there are a lot of smart people here, so there ought to be some "very good" ways of doing this. I have a custom object called ...
I am implementing Transaction using TransactionScope with the help this MSDN article http://msdn.microsoft.com/en-us/library/system.transactions.transactionscope.aspx I just want to confirm that is ...
i have the following base controller... public class BaseController : Controller { protected override void Initialize(System.Web.Routing.RequestContext requestContext) { if (...
For what it is necessary Microsoft.Contracts namespace in asp.net? I mean, in what cases I could write using Microsoft.Contracts;?
I d like to add a simple separator line in an aspx web form. Does anyone know how? It sounds easy enough, but still I can t manage to find how to do it.. 10x!