My code is not working

Problem description

hi.
I have written this code to retrieve data from a table where the name is like the gridview value, but the loop runs only one time, not until all the records are found.

<pre>
Dim cmd As New OleDbCommand
Dim dr As OleDbDataReader
Dim i As Integer
cmd.Connection = cn
For i = 0 To grd.RowCount - 1
    cmd.CommandText = "SELECT status FROM exam_attendance WHERE rollno = " & Val(grd.Item(0, i).Value) & " AND subject = '" & cmbsubject.Text & "' AND ta_date = #" & CType(mskexamdate.Text, Date).ToString("MM/dd/yyyy") & "# AND class = '" & cmbclass.Text & "' AND medium = '" & cmbmedium.Text & "'"
    dr = cmd.ExecuteReader
    If dr.HasRows Then
        While dr.Read
            If dr.Item("status") = "PRESENT" Then
                grd.Item(4, i).Value = True
            Else
                grd.Item(4, i).Value = False
            End If
        End While
    End If
Next
</pre>

What I have tried:

I've changed the code but it isn't working.

Solution

<pre>
cmd.CommandText = "SELECT status FROM exam_attendance WHERE rollno = " & Val(grd.Item(0, i).Value) & " AND subject = '" & cmbsubject.Text & "' AND ta_date = #" & CType(mskexamdate.Text, Date).ToString("MM/dd/yyyy") & "# AND class = '" & cmbclass.Text & "' AND medium = '" & cmbmedium.Text & "'"
</pre>

Not a solution to your question, but another problem you have.

Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error prone.

A single quote in a name and your program crashes. If a user input like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: a malicious user input, and it is promoted to SQL commands with all credentials.

SQL injection - Wikipedia
SQL Injection
SQL Injection Attacks by Example
PHP: SQL Injection - Manual
SQL Injection Prevention Cheat Sheet - OWASP

In addition to solution #2 by ppolymorphe...

Quote: I have written this code to retrieve data from a table where the name is like the gridview value, but the loop runs only one time, not until all the records are found.

You're on the wrong track! Imagine your application is used by 1000 users. All of them start the application at the same time. What happens with your database? A database is under DDoS attack!

You have to create a proper SQL statement at once, which will return a proper data set. For example:

<pre>
SELECT t1.*, CBool(t2.[status]="PRESENT") As IsPresent
FROM Table1 As t1 INNER JOIN Table2 as t2 ON t1.PrimaryKey = t2.ForeignKey
</pre>

Then, you have to bind that data with DataGridView.

The above query statement is totally legal for the MS Access database engine.

For further details, please see: Visual Representation of SQL Joins
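As an added example (not code from the original post or its answers), here is the question's lookup rewritten with OleDb parameters, so that a value such as "Brian O'Conner" is passed to the database as data rather than spliced into the SQL text. The `MarkAttendance` name, its signature and the 255-character text width are assumptions; the table and column names come from the question, and the caller is assumed to have parsed the exam date already.

```vb
Imports System
Imports System.Data.OleDb
Imports System.Windows.Forms

Module AttendanceLookup
    ' Hypothetical helper (name and signature are assumptions): ticks column 4
    ' of each grid row according to the status stored for its roll number.
    Sub MarkAttendance(cn As OleDbConnection, grd As DataGridView,
                       subject As String, examDate As Date,
                       className As String, medium As String)
        ' OleDb binds by position: each ? takes the next parameter added,
        ' so the Add calls below must follow the order of the placeholders.
        Const sql As String =
            "SELECT status FROM exam_attendance " &
            "WHERE rollno = ? AND subject = ? AND ta_date = ? " &
            "AND class = ? AND medium = ?"

        Using cmd As New OleDbCommand(sql, cn)
            ' 255 is an assumed width for the text columns.
            Dim pRoll As OleDbParameter = cmd.Parameters.Add("@rollno", OleDbType.Integer)
            cmd.Parameters.Add("@subject", OleDbType.VarWChar, 255).Value = subject
            cmd.Parameters.Add("@ta_date", OleDbType.Date).Value = examDate.Date
            cmd.Parameters.Add("@class", OleDbType.VarWChar, 255).Value = className
            cmd.Parameters.Add("@medium", OleDbType.VarWChar, 255).Value = medium

            For i As Integer = 0 To grd.RowCount - 1
                ' Skip rows (for example the blank new-row) without a numeric roll number.
                Dim raw As Object = grd.Item(0, i).Value
                Dim rollNo As Integer
                If raw Is Nothing OrElse Not Integer.TryParse(raw.ToString(), rollNo) Then Continue For

                pRoll.Value = rollNo
                ' ExecuteScalar returns the first column of the first row (Nothing if
                ' there is no row) and leaves no open reader on the command.
                Dim status As Object = cmd.ExecuteScalar()
                If status Is Nothing OrElse status Is DBNull.Value Then Continue For
                grd.Item(4, i).Value = (status.ToString() = "PRESENT")
            Next
        End Using
    End Sub
End Module
```

The command text never changes between rows; only the value of the first parameter does, so quotes or other SQL syntax in the combo-box text cannot alter the statement.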