【Question title】: vb.net The SelectCommand property has not been initialized before calling 'Fill'
【Posted】: 2016-08-09 20:59:22
【Question description】:

When I run the code, I get this error: The SelectCommand property has not been initialized before calling 'Fill'. It is raised at "adb.Fill(ds1)".

Imports System.Data.Sql
Module ComModule
Public sqlconn As New SqlClient.SqlConnection
Public Sub openconn()
    If sqlconn.State = 1 Then sqlconn.Close()
    Try
        sqlconn.ConnectionString = "Data Source=MRSOFTWARE-PC;Initial Catalog=ComShop;Integrated Security=True"
        sqlconn.Open()
    Catch ex As Exception
        MessageBox.Show(ex.Message, "Not Connection", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1, MessageBoxOptions.RightAlign)
        sqlconn.Close()
        End
    End Try
End Sub
Public Function LastNum(tablename, orderbyfield) As Integer
    LastNum = 0
    Dim str = "select * from " & tablename & "order by" & orderbyfield
    Dim adb As New SqlClient.SqlDataAdapter()
    Dim ds1 = New DataSet
    adb.Fill(ds1)
    Dim DT As DataTable
    DT = ds1.Tables(0)
    If DT.Rows.Count <> 0 Then
        Dim i = DT.Rows.Count - 1
        LastNum = Val(DT.Rows(i).Item(0))
    End If
End Function

End Module


TextBox1.Text = Format(LastNum("Customer", "CustomerId") + 1, "c0")

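【Comments】:

  • Dim adb As New SqlClient.SqlDataAdapter("select * from " & tablename & " order by " & orderbyfield) But be careful with your inputs. This is an open door to SQL injection (and to missing spaces)
  • You only put the select command in a string; you have to give it to the SqlDataAdapter somehow (constructor, .SelectCommand property, etc.)

Tags: sql-server vb.net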


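【Solution 1】:

Try this...

First, you must use a parameterized query to avoid SQL injection.

You just need a SQLCommand object with a valid SQL query. Then you should pass that SQLCommand object as an argument to the SQLAdapter constructor.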

Imports System.Data.Sql
    Module ComModule
        Public sqlconn As New SqlClient.SqlConnection
        Public Sub openconn()
            If sqlconn.State = 1 Then sqlconn.Close()
            Try
                sqlconn.ConnectionString = "Data Source=MRSOFTWARE-PC;Initial Catalog=ComShop;Integrated Security=True"
                sqlconn.Open()
            Catch ex As Exception
                MessageBox.Show(ex.Message, "Not Connection", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1, MessageBoxOptions.RightAlign)
                sqlconn.Close()
                End
            End Try
        End Sub
        Public Function LastNum(tablename, orderbyfield) As Integer
            LastNum = 0
            Dim str = "select * from @tablename order by @orderbyfield"
            Dim sqlCmd As New SqlClient.SqlCommand(str, sqlconn)
            sqlCmd.Parameters.Add("@tablename", SqlDbType.VarChar, 50).Value = tablename
            sqlCmd.Parameters.Add("@orderbyfield", SqlDbType.VarChar, 50).Value = orderbyfield
            Dim adb As New SqlClient.SqlDataAdapter(sqlCmd)
            Dim ds1 = New DataSet
            adb.Fill(ds1)
            Dim DT As DataTable
            DT = ds1.Tables(0)
            If DT.Rows.Count <> 0 Then
                Dim i = DT.Rows.Count - 1
                LastNum = Val(DT.Rows(i).Item(0))
            End If
        End Function


    End Module

【Comments】:

  • When I click Button1 it shows c3, and when I click again it shows c4 .... etc.
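
Added example, not part of the original question or answer: SQL Server parameters carry values only and cannot stand in for a table name or an ORDER BY column, so this sketch checks both identifiers against an allow-list before concatenating them, and hands the command to the SqlDataAdapter constructor so that Fill has a SelectCommand. The module name, the allow-list contents, the helpers QuoteName and BuildLastNumQuery, and passing the connection as an argument are assumptions; it also goes one step beyond the page by reading only the highest row instead of the whole table.

```vbnet
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

Module LastNumExample
    ' Hypothetical allow-list: tables this function may read and the columns each
    ' may be ordered by. "Customer"/"CustomerId" are the names used in the question.
    Private ReadOnly AllowedOrderColumns As New Dictionary(Of String, String()) From {
        {"Customer", New String() {"CustomerId"}}
    }

    ' Bracket-quote an identifier, doubling any "]" so it cannot close the quote.
    Private Function QuoteName(name As String) As String
        Return "[" & name.Replace("]", "]]") & "]"
    End Function

    ' Builds the SELECT text from allow-listed identifiers only; anything else is rejected.
    Public Function BuildLastNumQuery(tableName As String, orderByField As String) As String
        Dim columns As String() = Nothing
        If tableName Is Nothing OrElse
           Not AllowedOrderColumns.TryGetValue(tableName, columns) OrElse
           Array.IndexOf(columns, orderByField) < 0 Then
            Throw New ArgumentException("Table or column is not allow-listed.")
        End If
        Dim col As String = QuoteName(orderByField)
        Return "SELECT TOP (1) " & col & " FROM " & QuoteName(tableName) &
               " ORDER BY " & col & " DESC"
    End Function

    ' Returns the highest value of orderByField, or 0 when the table is empty.
    Public Function LastNum(conn As SqlConnection, tableName As String, orderByField As String) As Integer
        Using cmd As New SqlCommand(BuildLastNumQuery(tableName, orderByField), conn),
              adb As New SqlDataAdapter(cmd)
            Dim dt As New DataTable()
            adb.Fill(dt) ' SelectCommand was set by the constructor, so Fill does not throw
            If dt.Rows.Count = 0 OrElse dt.Rows(0).IsNull(0) Then Return 0
            Return Convert.ToInt32(dt.Rows(0)(0))
        End Using
    End Function
End Module
```

Values that come from user input (for example a WHERE filter) would still go through cmd.Parameters; only identifiers need the allow-list.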