本文介绍了嗨,我是初学者,我有这个错误,我不知道什么是错的,任何人都可以帮助我的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 私有 Sub BtnDelete_Click(发件人 As System。 Object ,e As System.EventArgs)句柄 BtnDelete.Click If MessageBox.Show( 你确定吗?, 删除 ,MessageBoxButtons.YesNo,MessageBoxIcon.Warning)= Windows.Forms.DialogResult.Yes 然后 cnsql = 删除TbProduct,其中ProductID =& ProductID& cn = 新 SqlClient.SqlConnection(cnstr) cn.Open() cm = 新 SqlClient.SqlCommand(cnsql,cn) dr = cm.ExecuteReader< ----错误!它表示无效的列名' &产品ID& '。 ShowData() TxtProductNameD.Clear() TxtProductpriceD.Clear() BtnDelete.Enabled = False 其他 TxtProductNameD.Clear() TxtProductpriceD.Clear() BtnDelete.Enabled = False 结束 如果 结束 Sub [edit]已添加代码块 - OriginalGriff [/ edit] 解决方案 使用如下参数 cnsql = 从TbProduct中删除,其中ProductID = @ ProductID cn =新的SqlClient.SqlConnection(cnstr) cn.Open() cm =新的SqlClient.SqlCommand(cnsql,cn) cm.Parameters.AddWithValue( @ ProductID,ProductID) dr = cm.ExecuteReader cnsql = delete TbProduct where ProductID =&产品ID& cn = 新 SqlClient.SqlConnection(cnstr) cn.Open() cm = 新 SqlClient.SqlCommand(cnsql,cn) dr = cm.ExecuteReader< ----错误!它表示无效的列名' & ProductID&'。 嗯。 SQL DELETE操作不要返回SqlReader - 只有SELECT操作才能这样做 - 所以系统对你要做的事情感到困惑。 试试这个: ... cm = 新 SqlClient.SqlCommand(cnsql,cn) cm。 ExecuteScalar 但字符串看起来也是错误的,即使你修复它: cnsql = DELETE FROM TbProduct WHERE ProductID =& ProductID 您对SQL注入攻击持开放态度。连接str用于构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。改为使用参数化查询。 删除TbProduct ...更改为DELETE FROM TbProduct ... - 糟糕... [/ edit] Private Sub BtnDelete_Click(sender As System.Object, e As System.EventArgs) Handles BtnDelete.Click If MessageBox.Show("Are you sure?", "Delete", MessageBoxButtons.YesNo, MessageBoxIcon.Warning) = Windows.Forms.DialogResult.Yes Then cnsql = "delete TbProduct where ProductID= "" & ProductID & """ cn = New SqlClient.SqlConnection(cnstr) cn.Open() cm = New SqlClient.SqlCommand(cnsql, cn) dr = cm.ExecuteReader <----Error! it says Invalid column name ' & ProductID & '. ShowData() TxtProductNameD.Clear() TxtProductpriceD.Clear() BtnDelete.Enabled = False Else TxtProductNameD.Clear() TxtProductpriceD.Clear() BtnDelete.Enabled = False End If End Sub[edit]Code block added - OriginalGriff[/edit] 解决方案 Use parameter as belowcnsql = "delete from TbProduct where ProductID=@ProductID"cn = New SqlClient.SqlConnection(cnstr)cn.Open()cm = New SqlClient.SqlCommand(cnsql,cn)cm.Parameters.AddWithValue("@ProductID",ProductID)dr = cm.ExecuteReadercnsql = "delete TbProduct where ProductID= "" & ProductID & """cn = New SqlClient.SqlConnection(cnstr)cn.Open()cm = New SqlClient.SqlCommand(cnsql, cn)dr = cm.ExecuteReader <----Error! it says Invalid column name ' & ProductID & '.Um.SQL DELETE operations do not return an SqlReader - only SELECT operations do that - so the system is confused as to what you are trying to do.Try this instead:...cm = New SqlClient.SqlCommand(cnsql, cn)cm.ExecuteScalarBut the string looks wrong as well, and even if you fix it:cnsql = "DELETE FROM TbProduct WHERE ProductID= " & ProductIDYou are leavign yourself wide open to SQL injection attacks. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.[edit]"delete TbProduct..." changed to "DELETE FROM TbProduct..." - Oops...[/edit] 这篇关于嗨,我是初学者,我有这个错误,我不知道什么是错的,任何人都可以帮助我的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 10-30 06:21