【Question title】: Fill: SelectCommand connection property has not been initialized
【Posted】: 2021-11-04 00:53:44
【Question description】:
    Dim SiparisOnayi As String
    Dim SiparisDurumu As String
    Dim SiparisIli As String
    Dim SiparisOdemeYontemi As String
    Dim SiparisKargoFirmasi As String
    Dim SiparisSatisKanali As String
    Dim a1, a2, a3, a4, a5, a6, a7, soncom As String

    If ComboBox1.Text = Nothing Then
        a1 = Nothing
    Else
        SiparisOnayi = ComboBox1.Text
        a1 = " and Siparis_Onay = SiparisOnayi"
    End If


    If ComboBox2.Text = Nothing Then
        a2 = Nothing
    Else
        SiparisDurumu = ComboBox2.Text
        a2 = " and Siparis_Durumu = SiparisDurumu "
    End If


    If ComboBox3.Text = Nothing Then
        a3 = Nothing
    Else
        SiparisIli = ComboBox3.Text
        a3 = " and Musteri_IL = SiparisIli "
    End If

    If ComboBox4.Text = Nothing Then
        a4 = Nothing
    Else
        a4 = " and Kullanici_Kodu = SiparisKullanicisi"
    End If


    If ComboBox5.Text = Nothing Then
        a5 = Nothing
    Else
        SiparisOdemeYontemi = ComboBox5.Text
        a5 = " and Odeme_Yontemi = SiparisOdemeYontemi"
    End If


    If ComboBox6.Text = Nothing Then
        a6 = Nothing
    Else
        SiparisKargoFirmasi = ComboBox6.Text
        a6 = " and Kargo_Adi = SiparisKargoFirmasi"
    End If


    If ComboBox7.Text = Nothing Then
        a7 = Nothing
    Else
        SiparisSatisKanali = ComboBox7.Text
        a7 = " and Satis_Kanali = SiparisSatisKanali"
    End If
    soncom = "SELECT * FROM `Siparisler` WHERE `Siparis_Tarihi` BETWEEN @d1 and @d2" & a1 & a2 & a3 & a4 & a5 & a6 & a7 & ", connection"



    Try

        Dim command As New MySqlCommand(soncom)
        command.Parameters.Add("@d1", MySqlDbType.DateTime).Value = DateTimePicker2.Value
        command.Parameters.Add("@d2", MySqlDbType.DateTime).Value = DateTimePicker3.Value
        Dim table As New DataTable
        Dim adapter As New MySqlDataAdapter(command)
        adapter.Fill(table)
        DataGridView1.DataSource = table
        Label12.Text = "Toplam " & table.Rows.Count & " Kayıt bulundu ve gösteriliyor."
        myconnection.close()
    Catch ex As Exception
        MessageBox.Show(ex.Message)
    End Try

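Error: Fill: SelectCommand connection property has not been initialized

How can I fix my code?

【Comments】:

  • This looks scary: vulnerable to SQL injection issues.
  • , connection should not be part of the soncom string. It should be part of the command: Dim command As New MySqlCommand(soncom, connection)
  • Also, when talking about program code, the plural of "code" is still just "code", not "codes".

Tags: vb.net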


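【Solution 1】:

The & ", connection" at the end of this line looks wrong to me:

    soncom = "SELECT ..." & a1 & ... a7 & ", connection"

But also, you need a connection object in addition to the command and adapter; if the way the WHERE clause is currently assembled worked at all, it would be extremely vulnerable to SQL injection issues, but it doesn't, because the combobox values are never actually inserted into the final string; and the code could easily leave the connection open if an exception is thrown during the call to Fill().

This should fix all of those problems (once you fill in the connection string):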

    Dim table As New DataTable
    ' Using blocks dispose the connection, command and adapter even if Fill() throws.
    Using connection As New MySqlConnection("connection string here")
    Using command As New MySqlCommand("", connection)
    Using adapter As New MySqlDataAdapter(command)
        Dim sql As String = "SELECT * FROM `Siparisler` WHERE `Siparis_Tarihi` BETWEEN @d1 and @d2"

        ' Each optional filter appends a placeholder to the SQL text and binds
        ' the combo box value as a parameter, never as part of the string.
        If Not String.IsNullOrWhiteSpace(ComboBox1.Text) Then
            sql += " and Siparis_Onay = @SiparisOnayi"
            command.Parameters.AddWithValue("@SiparisOnayi", ComboBox1.Text)
        End If

        If Not String.IsNullOrWhiteSpace(ComboBox2.Text) Then
            sql += " and Siparis_Durumu = @SiparisDurumu"
            command.Parameters.AddWithValue("@SiparisDurumu", ComboBox2.Text)
        End If

        If Not String.IsNullOrWhiteSpace(ComboBox3.Text) Then
            sql += " and Musteri_IL = @SiparisIli"
            command.Parameters.AddWithValue("@SiparisIli", ComboBox3.Text)
        End If

        If Not String.IsNullOrWhiteSpace(ComboBox4.Text) Then
            sql += " and Kullanici_Kodu = @SiparisKullanicisi"
            command.Parameters.AddWithValue("@SiparisKullanicisi", ComboBox4.Text)
        End If

        If Not String.IsNullOrWhiteSpace(ComboBox5.Text) Then
            sql += " and Odeme_Yontemi = @SiparisOdemeYontemi"
            command.Parameters.AddWithValue("@SiparisOdemeYontemi", ComboBox5.Text)
        End If

        If Not String.IsNullOrWhiteSpace(ComboBox6.Text) Then
            sql += " and Kargo_Adi = @SiparisKargoFirmasi"
            command.Parameters.AddWithValue("@SiparisKargoFirmasi", ComboBox6.Text)
        End If

        If Not String.IsNullOrWhiteSpace(ComboBox7.Text) Then
            sql += " and Satis_Kanali = @SiparisSatisKanali"
            command.Parameters.AddWithValue("@SiparisSatisKanali", ComboBox7.Text)
        End If

        command.CommandText = sql
        command.Parameters.Add("@d1", MySqlDbType.DateTime).Value = DateTimePicker2.Value
        command.Parameters.Add("@d2", MySqlDbType.DateTime).Value = DateTimePicker3.Value
        Try
            adapter.Fill(table)
        Catch ex As Exception
            MessageBox.Show(ex.Message)
        End Try

    End Using
    End Using
    End Using

    DataGridView1.DataSource = table
    Label12.Text = $"Toplam {table.Rows.Count} Kayıt bulundu ve gösteriliyor."

【Discussion】:

  • Thanks, it works...
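
Added example, not part of the question or the answer above: a table-driven version of the same optional-filter query, where column names come only from a fixed allow-list and every value is bound as a typed parameter. The module name SiparisFilter, the function BuildCommand, the filter keys and the choice of VarChar for the filter columns are assumptions made for illustration.

```vb
Imports System.Collections.Generic
Imports System.Text
Imports MySql.Data.MySqlClient

Module SiparisFilter   ' hypothetical module name
    ' Allow-list: filter key -> column, using the column names from the query on this page.
    ' Column names are taken only from this table, never from user input.
    Private ReadOnly Columns As New Dictionary(Of String, String) From {
        {"SiparisOnayi", "Siparis_Onay"},
        {"SiparisDurumu", "Siparis_Durumu"},
        {"SiparisIli", "Musteri_IL"},
        {"SiparisKullanicisi", "Kullanici_Kodu"},
        {"SiparisOdemeYontemi", "Odeme_Yontemi"},
        {"SiparisKargoFirmasi", "Kargo_Adi"},
        {"SiparisSatisKanali", "Satis_Kanali"}
    }

    ' Builds the SELECT for the given date range and optional filters.
    ' Empty filter values are skipped; unknown filter keys are rejected.
    Public Function BuildCommand(connection As MySqlConnection,
                                 fromDate As Date, toDate As Date,
                                 filters As IDictionary(Of String, String)) As MySqlCommand
        Dim sql As New StringBuilder(
            "SELECT * FROM `Siparisler` WHERE `Siparis_Tarihi` BETWEEN @d1 AND @d2")
        Dim command As New MySqlCommand("", connection)
        command.Parameters.Add("@d1", MySqlDbType.DateTime).Value = fromDate
        command.Parameters.Add("@d2", MySqlDbType.DateTime).Value = toDate

        For Each entry As KeyValuePair(Of String, String) In filters
            If String.IsNullOrWhiteSpace(entry.Value) Then Continue For
            Dim column As String = Nothing
            If Not Columns.TryGetValue(entry.Key, column) Then
                Throw New ArgumentException("Unknown filter: " & entry.Key)
            End If
            ' Only the allow-listed column and a placeholder enter the SQL text.
            sql.Append(" AND `").Append(column).Append("` = @").Append(entry.Key)
            ' VarChar is an assumption about the schema; the value travels as data.
            command.Parameters.Add("@" & entry.Key, MySqlDbType.VarChar).Value = entry.Value
        Next

        command.CommandText = sql.ToString()
        Return command
    End Function
End Module
```

A caller would fill the dictionary from the combo boxes (for example filters("SiparisOnayi") = ComboBox1.Text) and wrap the connection, the returned command and the adapter in Using blocks as in the answer.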