類型「System.Data.OleDb.OleDbException」未處理的異常出現在system.data.dll

Question

每當我跑我的程序我得到這個錯誤：

An unhandled exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll

Additional information: No value given for one or more required parameters.

Sub admininfoo() 
    Dim q As String = "Select * from Table2 where AdminPassword=" & AdminLogin.TextBox1.Text 
    Dim cmd As New OleDb.OleDbCommand(q, connection) 
    Dim reader As OleDb.OleDbDataReader = cmd.ExecuteReader() 

    reader.Read() 

    AdminInterface.Label2.Text = reader("Name") 


    reader.Close() 
End Sub 

順便說一句，我使用Visual Basic 2013和Microsoft Access數據庫

Answer 1

您沒有清理您的輸入。如果你的密碼有'？'字符，OleDb提供者會將其解釋爲一個參數，您需要通過這個參數，您應該做的是防止任何注入。

使用OleDbCommand.Parameters.AddWithValue方法添加您的參數。

Dim q As String = "Select * from Table2 where AdminPassword=?" 
Dim cmd As New OleDb.OleDbCommand(q, connection) 
cmd.Parameters.AddWithValue("AdminPassword", AdminLogin.TextBox1.Text) 
Dim reader As OleDb.OleDbDataReader = cmd.ExecuteReader()