在sql查询中使用组合框的内容

I have a form with a combo box for manufacturers << you pick one which leads to>> the second combo box (cbModel) for models you select one model then you go to the first text box (txtColour) enter the cars ccolour then to text box (txtRegNo) enter the registration. Press the add vehicle button and get this

我有一个带有组合框的表单，供制造商用“你选择一个导致”的第二个组合框（cbModel）为你选择一个模型的模型然后你去第一个文本框（txtColour）进入汽车ccolour然后到文本框（txtRegNo）输入注册。按添加车辆按钮即可

Private Sub CreateVehicle()
    'Read in the model name and change it to a modelID no
    Dim ticket As String = cbModel.Text
    Dim queryString As String = "Select ModelID FROM Model WHERE Modelname = " & ticket & "' "

    ' Run Query
    SQL.RunQuery(queryString)


    Dim da As New SqlClient.SqlDataAdapter()
    Dim dt = New DataTable
    da.Fill(dt)

    'show what is in  dt is now
    MsgBox(dt)

    'temporary break to get first part working
    Exit Sub

    If Len(cbModel.Text) >= 0 And Len(txtColour.Text) >= 0 And Len(txtRegNo.Text) >= 0 Then

        'Add new user to database
        SQL.AddVehicle(cbModel.Text, txtColour.Text, txtRegNo.Text)
    Else
        MsgBox("Please make sure you have filled in ALL Fields Correctly!")
        Exit Sub
    End If

End Sub

So I have fiddled aroundwith the Dim querysString line but I cannot get it to work, all I get is error messages "Unclosed quotation mark after the character string ' '. and then InvalidOperation Exception was unhandled (this I think is due to the frst error stopping dt being filled ?)

所以我摆弄了Dim querysString行，但是我无法让它工作，我得到的是错误消息“字符串后的未闭合引号”。然后InvalidOperation异常未处理（我认为这是由于第一个错误停止dt被填满？）

Can anyone please help as I am going slowly crazy and the assignment is far from finished ! Thanks

任何人都可以请求帮助，因为我慢慢疯了，任务还远未完成！谢谢

1 个解决方案

#1

I am pretty sure that ModelName is a field of some text type. If this is correct then, if you want to search a value in that field you need to put it between single quotes. For example

我很确定ModelName是某种文本类型的字段。如果这是正确的，那么，如果要搜索该字段中的值，则需要将其放在单引号之间。例如

Dim queryString As String = "Select ModelID FROM Model " & _ 
                            "WHERE Modelname = 'ValueToSearch'"

In your code instead the quote is missing from the start of the value. So it is a simple typo that prevents your code to work.
But fixing it adding a quote is not the advice that I want to give you. Instead try to use a parameterized query

在您的代码中，从值的开头缺少引号。所以这是一个简单的拼写错误，阻止您的代码工作。但修改它添加引用并不是我想给你的建议。而是尝试使用参数化查询

Dim queryString As String = "Select ModelID FROM Model " & _ 
                            "WHERE Modelname = @model"
' Run Query '
Dim da As New SqlClient.SqlDataAdapter(queryString, yourConnection)
da.SelectCommand.Parameters.Add("@model", SqlDbType.NVarChar).Value = ticket 
Dim dt = New DataTable
da.Fill(dt)

Now, it is difficult to say how to apply this method to your approach with

现在，很难说如何将此方法应用于您的方法

SQL.RunQuery(queryString)

but you should really change that code to accept parameterized queries because they are safer (no Sql Injection) and are not subject to simple parsing error like the one caused by the presence of a quote in your values.

但是你应该真的改变那些代码来接受参数化查询，因为它们更安全（没有Sql注入），并且不受简单的解析错误的影响，就像你的值中存在引号一样。

#1