I'm trying to get the price from a item in a combobox.Any ideas?
我试图从组合框中的项目中获得价格。任何想法?
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.OleDb;
namespace Aplicatie_proiect
{
public partial class Form2 : Form
{
private OleDbConnection connection = new OleDbConnection();
public Form2()
{
InitializeComponent();
connection.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\SleepyHitman- V2\Documents\Inventory1.accdb;
Persist Security Info=False;";
}
private void txt_order_Click(object sender, EventArgs e)
{
Double PT = new Double();
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "insert into Comenzi (Produs,Cantitate) values('"+txt_Produs.Text+"','"+txt_Cantitate.Text+"',)" ; //+ sa adaug useru care e logat din form 1
command.ExecuteNonQuery();
connection.Close();
}
private void Form2_Load(object sender, EventArgs e)
{
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
string query = "select * from Inventory";
command.CommandText = query;
OleDbDataReader reader = command.ExecuteReader();
while (reader.Read())
{
txt_Produs.Items.Add(reader["Produs"].ToString());
}
connection.Close();
}
private void txt_Produs_SelectedIndexChanged(object sender, EventArgs e)
{
**connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
string query = "select * from Inventory where Pret ='" + txt_Produs.Text + "'";
command.CommandText = query;
OleDbDataReader reader = command.ExecuteReader();
while (reader.Read())
{
txt_Pret.Text = reader["Pret"].ToString();
}
connection.Close();**
}
}
}
3 个解决方案
#1
It's not clear where you get the error. Next time try to be more explicit.
目前尚不清楚你在哪里得到错误。下次尝试更明确。
In the abobe code I see that you use string concatenation for building the sql statements. That is a bad practice due a sql injection and type missmatching.
在abobe代码中,我看到你使用字符串连接来构建sql语句。由于sql注入和类型不匹配,这是一种不好的做法。
Try to change
试着改变
private void txt_order_Click(object sender, EventArgs e)
{
Double PT = new Double();
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "insert into Comenzi (Produs,Cantitate) values('"+txt_Produs.Text+"','"+txt_Cantitate.Text+"',)" ; //+ sa adaug useru care e logat din form 1
command.ExecuteNonQuery();
connection.Close();
}
by this (I suspect the error is in the conversion of Cantitate -in a textBox- to a int or double -in database-):
通过这个(我怀疑错误是在Cantote的转换 - 在textBox-转换为int或双-in数据库 - ):
private void txt_order_Click(object sender, EventArgs e)
{
Double PT = new Double();
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "insert into Comenzi (Produs,Cantitate) values(@product, @cantitate)" ; //+ sa adaug useru care e logat din form 1
command.Parameters.AddWithValue("@product", txt_Produs.Text);
command.Parameters.AddWithValue("@cantitate", Convert.ToInt32(txt_Cantitate.Text);
command.ExecuteNonQuery();
connection.Close();
}
#2
I understand that you are comparing a numerical field here. In that case you need to remove the single quotes in the sql query string.
我知道你在这里比较数字字段。在这种情况下,您需要删除sql查询字符串中的单引号。
#3
string query = "select Pret from Inventory where Produs ='" + txt_Produs.Text + "'";
this was the problem, ty for the help guys hope i will be more clear next time.
这是问题所在,帮助人们希望下次我会更清楚。
#1
It's not clear where you get the error. Next time try to be more explicit.
目前尚不清楚你在哪里得到错误。下次尝试更明确。
In the abobe code I see that you use string concatenation for building the sql statements. That is a bad practice due a sql injection and type missmatching.
在abobe代码中,我看到你使用字符串连接来构建sql语句。由于sql注入和类型不匹配,这是一种不好的做法。
Try to change
试着改变
private void txt_order_Click(object sender, EventArgs e)
{
Double PT = new Double();
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "insert into Comenzi (Produs,Cantitate) values('"+txt_Produs.Text+"','"+txt_Cantitate.Text+"',)" ; //+ sa adaug useru care e logat din form 1
command.ExecuteNonQuery();
connection.Close();
}
by this (I suspect the error is in the conversion of Cantitate -in a textBox- to a int or double -in database-):
通过这个(我怀疑错误是在Cantote的转换 - 在textBox-转换为int或双-in数据库 - ):
private void txt_order_Click(object sender, EventArgs e)
{
Double PT = new Double();
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "insert into Comenzi (Produs,Cantitate) values(@product, @cantitate)" ; //+ sa adaug useru care e logat din form 1
command.Parameters.AddWithValue("@product", txt_Produs.Text);
command.Parameters.AddWithValue("@cantitate", Convert.ToInt32(txt_Cantitate.Text);
command.ExecuteNonQuery();
connection.Close();
}
#2
I understand that you are comparing a numerical field here. In that case you need to remove the single quotes in the sql query string.
我知道你在这里比较数字字段。在这种情况下,您需要删除sql查询字符串中的单引号。
#3
string query = "select Pret from Inventory where Produs ='" + txt_Produs.Text + "'";
this was the problem, ty for the help guys hope i will be more clear next time.
这是问题所在,帮助人们希望下次我会更清楚。