2017-03-16

I want to count, with a VB.Net SQL COUNT statement, the students whose teacher matches `teacher = '" & lblTeacher.Text & "'"` and put the result into a label.

Example students:


Imports System.Data
Imports System.Data.OleDb

Public Class Form1 
    Dim conn As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Richard\Desktop\Dbase.mdb" 
    Dim con As New OleDbConnection 
    Dim da, da1 As New OleDbDataAdapter 
    Dim dt, dt1 As New DataTable 
    Dim sql As String 
    Dim ds As New DataSet 

    Public Sub display() 
        sql = "select * from Info" 
        dt.Clear() 
        con.Open() 
        da = New OleDbDataAdapter(sql, con) 
        da.Fill(dt) 
        con.Close() 
        DataGridView1.DataSource = dt.DefaultView 
    End Sub 

    Public Sub count() 
        ' lblTeacher.Text is concatenated straight into the SQL text here
        sql = "select COUNT(name) from Info where teacher = '" & lblTeacher.Text & "'" 
        da1 = New OleDbDataAdapter(sql, con) 
        ds.Clear() 
        con.Open() 
        ' Fills from da (still "select * from Info"), not from da1
        da.Fill(ds) 
        ' A COUNT query returns one row; Rows.Count is the number of rows, not the count value
        lblCount.Text = ds.Tables(0).Rows.Count.ToString 
        con.Close() 
    End Sub 

    Private Sub Form1_Load(sender As System.Object, e As System.EventArgs) Handles MyBase.Load 
        con.ConnectionString = conn 
        display() 
    End Sub 

    Private Sub DataGridView1_Click(sender As System.Object, e As System.EventArgs) Handles DataGridView1.Click 
        lblTeacher.Text = DataGridView1.CurrentRow.Cells("teacher").Value.ToString 
        count() 
    End Sub 
End Class 


And the problem you are facing is...? The error you get is...? – Stavm


This code is wide open to SQL injection. –


Also: using the old JET mdb Access file rather than the newer ACE accdb file seems odd. –

Answer


Try this instead of your current count() method. Pay particular attention to my comments; they address several bad practices in the original code:

' Better functional style: accept a value, return the result 
Public Function GetStudentCount(teacher As String) As Integer 
    '**NEVER** use string concatenation to put data into an SQL command!!! 
    Const sql As String = "select COUNT(name) from Info where teacher = ?" 

    'Don't try to re-use the same connection in your app. 
    ' It creates a bottleneck, and breaks ADO.Net's built-in connection pooling, 
    ' meaning it's more likely to make object use *worse*, rather than better. 
    'Additionally, connection objects should be created in a Using block, 
    ' so they will still be closed if an exception is thrown. 
    ' The original code would have left the connection hanging open. 
    Using con As New OleDbConnection(conn), _ 
      cmd As New OleDbCommand(sql, con) 

     'This, rather than string concatenation, is how you should put a value into your sql command 
     'Note that this NEVER directly replaces the "?" character with the parameter value, 
     ' even in the database itself. The command and the data are always kept separated. 
     cmd.Parameters.Add("teacher", OleDbType.VarChar).Value = teacher 

     con.Open() 
     ' No need to fill a whole dataset, just to get one integer back 
     Return DirectCast(cmd.ExecuteScalar(), Integer) 

     'No need to call con.Close() manually. The Using block takes care of it for you. 
    End Using 
End Function 

Here it is again, without the extra comments:

Public Function GetStudentCount(teacher As String) As Integer 
    Const sql As String = "select COUNT(name) from Info where teacher = ?" 

    Using con As New OleDbConnection(conn), _ 
      cmd As New OleDbCommand(sql, con) 
     cmd.Parameters.Add("teacher", OleDbType.VarChar).Value = teacher   
     con.Open() 
     Return DirectCast(cmd.ExecuteScalar(), Integer) 
    End Using 
End Function 

Call it like this:

Private Sub DataGridView1_Click(sender As System.Object, e As System.EventArgs) Handles DataGridView1.Click 
    lblTeacher.Text = DataGridView1.CurrentRow.Cells("teacher").Value.ToString() 
    lblCount.Text = GetStudentCount(lblTeacher.Text).ToString() 
End Sub 

Thanks a lot! – Snowden


Hey, for a while I had (ExecuteNonQuery() vs ExecuteScalar()) in the code. It's fixed now, so you may want to check it again. –
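The following is an added example, not code from the question or the answer above, showing side by side what the two approaches in this thread actually do: the question's string-concatenated COUNT query and the answer's parameterized `?` query, plus the question's `Rows.Count` mistake. It assumes an in-memory SQLite table standing in for the Jet `Info` table (both OLE DB and sqlite3 use positional `?` placeholders), and the rows, the teacher names and the injected value are constructed sample data, not anything from the asker's Dbase.mdb.

```python
"""Concatenated vs parameterized COUNT query, run against a throwaway
SQLite copy of the Info table (assumption: SQLite stands in for Jet)."""
import sqlite3

# Constructed sample data standing in for the Info table in Dbase.mdb.
SAMPLE_ROWS = [
    ("Alice", "Smith"),
    ("Bob", "Smith"),
    ("Carol", "Jones"),
    ("Dave", "Jones"),
    ("Eve", "Jones"),
    ("Frank", "O'Brien"),   # a perfectly legitimate name with an apostrophe
]

# A teacher value an attacker (or a stray grid cell) could feed into lblTeacher.Text.
INJECTION = "Smith' OR '1'='1"


def make_db():
    """Build the in-memory Info table from the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Info (name TEXT, teacher TEXT)")
    con.executemany("INSERT INTO Info (name, teacher) VALUES (?, ?)", SAMPLE_ROWS)
    con.commit()
    return con


def count_concat(con, teacher):
    """The question's count(): the label text is glued into the SQL string,
    so whatever it contains becomes part of the command itself."""
    sql = "select COUNT(name) from Info where teacher = '" + teacher + "'"
    return con.execute(sql).fetchone()[0]


def count_param(con, teacher):
    """The answer's GetStudentCount(): the value travels as a parameter and is
    only ever compared as data, never parsed as SQL."""
    sql = "select COUNT(name) from Info where teacher = ?"
    return con.execute(sql, (teacher,)).fetchone()[0]


def rows_returned_by_count(con, teacher):
    """Mirrors the question's ds.Tables(0).Rows.Count: a COUNT query yields
    exactly one row, so the row count is 1 no matter what the count is."""
    sql = "select COUNT(name) from Info where teacher = ?"
    return len(con.execute(sql, (teacher,)).fetchall())


def concat_fails_on_apostrophe(con, teacher):
    """True if the concatenated query cannot even be parsed for this value:
    an apostrophe in honest data breaks the quoting, no attacker needed."""
    try:
        count_concat(con, teacher)
    except sqlite3.OperationalError:
        return True
    return False


def demo():
    """Run every variant and return the results keyed by scenario."""
    con = make_db()
    return {
        "honest_concat": count_concat(con, "Smith"),          # 2
        "honest_param": count_param(con, "Smith"),            # 2
        "injected_concat": count_concat(con, INJECTION),      # every row: 6
        "injected_param": count_param(con, INJECTION),        # no such teacher: 0
        "rows_for_count": rows_returned_by_count(con, "Smith"),  # always 1
        "apostrophe_concat_error": concat_fails_on_apostrophe(con, "O'Brien"),  # True
        "apostrophe_param": count_param(con, "O'Brien"),      # 1
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario}: {result}")
```

The `'1'='1'` tail turns the concatenated WHERE clause into a tautology and counts the whole table, while the same text passed as a parameter is just a teacher name that matches nobody; the `O'Brien` row shows that concatenation also breaks on ordinary data, which is why the answer's `?` placeholder is the fix even before injection is considered.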