vb.net 没有为一个或多个必需参数指定值。搜索时出错
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20722791/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
No value given for one or more required parameters. error during Search
提问by Ahmed Faizan
I am trying to search the data in a simple access database. The code is this
我正在尝试在一个简单的访问数据库中搜索数据。代码是这样的
Call connect()
con.Open()
cmd = New OleDbCommand("Select * from PO_Record_Table where Customer=asd", con)
dr = cmd.ExecuteReader
While dr.Read
MsgBox(dr(1))
End While
con.Close()
If I press search button, the error: No value given for one or more required parameters comes on this line
如果我按搜索按钮,则会出现错误:此行上没有为一个或多个必需参数提供值
dr = cmd.ExecuteReader
The record "asd" is in the database customer field as a text type. Why does this error come and how to finish this search without error?
记录“asd”作为文本类型位于数据库客户字段中。为什么会出现此错误以及如何无错误地完成此搜索?
回答by Steve
I suppose that the error is in the text asdpassed as value for the customer name
我想错误出在asd作为客户名称值传递的文本中
cmd = New OleDbCommand("Select * from PO_Record_Table where Customer='asd'", con)
Putting it in single quotes allows the db engine to recognize it as a string value to check against the Customercolumn name. Without quotes it is interpreted as the name of a parameter that you haven't passed to the command.
将它放在单引号中允许数据库引擎将其识别为字符串值以检查Customer列名。没有引号,它被解释为您尚未传递给命令的参数的名称。
EDITIn your comment below you try to pass, as value for the Customer column, the content of a textbox but you forget to add the quotes around your textbox text value.
编辑在您下面的评论中,您尝试将文本框的内容作为 Customer 列的值传递,但您忘记在文本框文本值周围添加引号。
cmd = New OleDbCommand("Select * from PO_Record_Table where Customer='" & textbox.text & "'", con)
However, this should never be done using the string concatenation method, but always with the parameterized approach
但是,这永远不应该使用字符串连接方法来完成,而应始终使用参数化方法
cmd = New OleDbCommand("Select * from PO_Record_Table where Customer=@custName", con)
cmd.Parameters.AddWithValue("@custName", Txt_Find.Text)
dr = cmd.ExecuteReader
.....
This is the only good method to query a database passing a command text with values obtained by user input. This method allows your code to be safe from SQL Injection attacksand remove problems in parsing the content of the textbox. Infact, without a parameter and if your textbox contains a single quote, the string concatenation method would fail with a syntax error.
这是查询传递命令文本的数据库的唯一好方法,该命令文本具有用户输入获得的值。此方法可让您的代码免受SQL 注入攻击,并消除解析文本框内容时出现的问题。事实上,如果没有参数并且您的文本框包含单引号,则字符串连接方法将因语法错误而失败。
回答by Imran Ali Khan
No value given for one or more required parameters Error comes When your Tablename or filed name not exist , check PO_Record_Tableand Customerspelling from your database
没有为一个或多个必需的参数错误的给定值来当你的表名或申请名称不存在,检查PO_Record_Table和Customer拼写从数据库
