本文介绍了这是不提供的参数化查询的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我不断收到此错误:
Code:
Public Function AuthenticateAdmin() As Boolean
Dim Success As Boolean
Dim strConn As String
strConn = ConfigurationManager.ConnectionStrings("HMVDb").ToString
Dim conn As New SqlConnection(strConn.ToString())
Dim cmd As New SqlCommand("SELECT * FROM Admin WHERE AdminEmail=@AdminEmail AND Adminpassword=@Adminpassword", conn)
cmd.Parameters.AddWithValue("@AdminEmail", EMail)
cmd.Parameters.AddWithValue("@AdminPassword", Password)
Dim da As New SqlDataAdapter(cmd)
Dim ds As New DataSet
conn.Open()
da.Fill(ds, "Admin")
conn.Close()
If ds.Tables("Admin").Rows.Count > 0 Then
Dim aemail As String = ds.Tables("Admin").Rows(0).Item("AdminEmail")
Dim apass As String = ds.Tables("Admin").Rows(0).Item("AdminPassword")
Dim aid As Integer = ds.Tables("Admin").Rows(0).Item("AdminID")
Dim aname As String = ds.Tables("Admin").Rows(0).Item("AdminName")
If EMail = aemail And Password = apass Then
ID = aid ' Shopper ID that identify Ecader
Name = aname
Success = True 'Shopper is authenticated
Else
Success = False 'Authentication fail
End If
End If
'Return the authentication result to calling program
Return Success
End Function
解决方案
Your @AdminEmail variable EMail is null. You cannot pass a null on a required parameter. Use DBNull.Value.
When using null, you are informing Sql Server that you are omitting the parameter. This can be useful for an optional parameter with a default value, but causes an error for a required parameter.
I recommend that you use always use a utility function when passing a value to a command parameter.
For example:
public static object GetDataValue(object value)
{
if(value == null)
{
return DBNull.Value;
}
return value;
}
and then use
cmd.Parameters.AddWithValue("@AdminEmail", GetDataValue(EMail))
这篇关于这是不提供的参数化查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!