C# OLEDB ExecuteReader Error

本文关键字:Error ExecuteReader OLEDB | 更新日期: 2023-09-27 18:05:13

我对在Visual Studio中使用M-S Access数据库很陌生,因此我不熟悉OLEDB语法。我设法利用各种互联网资源创建了这个程序。到目前为止,我的程序让用户登录到登录表单,然后对用户名和密码字段进行数据测试,如果它们匹配,则将用户重定向到第二个表单,然后使用他们登录的名称从Access数据库收集数据,但是我一直得到错误"没有为一个或多个所需参数给定的值。",当它尝试执行根据名称从数据库收集数据的代码时。这是我到目前为止的代码:

private void Form2_Load(object sender, EventArgs e)
    {
        string username = lblName.Text;
        OleDbConnection con = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:'Users'Rhys'Documents'Visual Studio 2013'Projects'AssignmentTrackerV2'AssignmentTrackerV2'bin'Debug'ATDatabase.accdb");
        DataTable dt = new DataTable();
        con.Open();
        OleDbDataReader dr = null;
        OleDbCommand cmd = new OleDbCommand("SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = '" + username + "'", con);
//This is where the error is occuring.
        **dr = cmd.ExecuteReader();**
        while (dr.Read())
        {
            lblName.Text = (dr["Name"].ToString() + dr["Surname"].ToString());
            lblCourseTitle.Text = (dr["CourseTitle"].ToString());
            lblID.Text = "ID: " + (dr["MemberID"].ToString());
        }
        con.Close();
    }

关于如何修复此错误的任何建议将不胜感激,如前所述,我是相当新的OLEDB语法和道歉,如果有一个简单的解决方案,谢谢!

C# OLEDB ExecuteReader Error

尝试使用此代码

     string username = lblName.Text;
    using(OleDbConnection con = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:'Users'Rhys'Documents'Visual Studio 2013'Projects'AssignmentTrackerV2'AssignmentTrackerV2'bin'Debug'ATDatabase.accdb"))
    {
         using(OleDbCommand cmd = new OleDbCommand(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:'Users'Rhys'Documents'Visual Studio 2013'Projects'AssignmentTrackerV2'AssignmentTrackerV2'bin'Debug'ATDatabase.accdb"))
         {
            cmd.Connection = con;
            cmd.CommandText = "SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = '" + username + "'";
            cmd.CommandType = CommandType.Text;
            OleDbDataReader dr = null;
            try 
            {           
                con.Open();
                dr = cmd.ExecuteReader();
                while (dr.Read())
                {
                   lblName.Text = (dr["Name"].ToString() + dr["Surname"].ToString());
                   lblCourseTitle.Text = (dr["CourseTitle"].ToString());
                   lblID.Text = "ID: " + (dr["MemberID"].ToString());
                }
                con.Close();
            }
            catch (Exception)
            {
                throw;
            }}}

乍一看,这应该可以工作。无论如何,您这样做的方式是不好的,因为它使您容易受到SQL注入攻击。试着替换这个:

OleDbCommand cmd = new OleDbCommand("SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = '" + username + "'", con);
与这个:

OleDbCommand cmd = new OleDbCommand("SELECT [Name], [Surname], [Password], [ID] FROM MemberDetails WHERE [Name] = @Name", con);
cmd.Parameters.AddWithValue("@Name", username);
相关文章: