2014-10-06 80 views
0

I am getting "Incorrect syntax near ')'" from the line da.Fill:

da.Fill(ds, "Employee") 

I have a problem and no clue how to solve it. Can anyone help?

This is my actual code:

Private Sub btnsearch_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnsearch.Click 
    ' con is assumed to be a form-level SqlConnection declared elsewhere in the form
    Dim da As New SqlClient.SqlDataAdapter 
    Dim ds As New DataSet 
    Dim dt As New DataTable 

    If txtssn.Text = "" Then 
        MsgBox("Please input SSN.", MsgBoxStyle.Exclamation, "Company Records - Employee") 
    Else 
        con.Open() 
        ' The ")" after the closing quote is the character SQL Server reports as
        ' "Incorrect syntax near ')'". The text box value is also concatenated
        ' straight into the SQL text, which is the injection risk raised in the comments.
        Dim cmd As New SqlCommand("SELECT * FROM [Employee] WHERE [Ssn] = '" & Trim(Me.txtssn.Text) & "')", con) 

        da.SelectCommand = cmd 

        da.Fill(ds, "Employee") 
        dt = ds.Tables("Employee") 

        If (dt.Rows.Count > 0) Then 
            ' Columns are read by ordinal position, so the form depends on the table's column order
            Me.txtfname.Text = dt.Rows(0).Item(1) 
            Me.txtmi.Text = dt.Rows(0).Item(2) 
            Me.txtlname.Text = dt.Rows(0).Item(3) 
            Me.dtpbdate.Text = dt.Rows(0).Item(5) 
            Me.txtaddress.Text = dt.Rows(0).Item(6) 
            Me.cmbsex.Text = dt.Rows(0).Item(7) 
            Me.txtsalary.Text = dt.Rows(0).Item(8) 
            Me.cmbsuperssn.Text = dt.Rows(0).Item(9) 
            'Me.cmbdept.Text = 
            btnedit.Enabled = True 
            btndelete.Enabled = True 
            editable() 
        Else 
            MsgBox("Record Not Found", MsgBoxStyle.Information + MsgBoxStyle.OkOnly, "Company Records - Employee") 
        End If 

        con.Close() 
    End If 
End Sub
+1

The devil in me says: type '; DROP TABLE Employee; -- but I prefer to say: read about SQL injection – Steve 2014-10-06 07:25:41

Answers

2

Remove the closing bracket, since this is a SELECT, not an INSERT:

"SELECT * FROM [Employee] WHERE [Ssn] = '" & Trim(Me.txtssn.Text) & "'" 

However, I always use SQL parameters to prevent SQL injection.

' Requires Imports System.Data and Imports System.Data.SqlClient
Dim ds As New DataSet 
Using con As New SqlConnection("ConnectionString") 
    ' The SQL text is fixed; the text box value is sent as a typed parameter
    Using da As New SqlDataAdapter("SELECT * FROM [Employee] WHERE [Ssn] = @SSN", con) 
        da.SelectCommand.Parameters.Add("@SSN", SqlDbType.VarChar).Value = txtssn.Text 
        da.Fill(ds, "Employee") 
    End Using 
End Using 
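The injection Steve's comment hints at and the parameter binding this answer recommends, shown side by side as an added example that is not part of the original post or either answer. It is Python with an in-memory SQLite database standing in for SQL Server; the [Employee] schema, the sample rows and the run_as_batch helper are assumptions. SqlCommand sends the whole command text to SQL Server as one batch, so every statement in it runs, while SQLite's execute() runs a single statement, which is why a small splitter is used to reproduce the batch behaviour for the DROP TABLE payload.

```python
import sqlite3

# Constructed sample rows standing in for the [Employee] table the question reads
# (column order mirrors the Item(n) ordinals used in the original form code).
SAMPLE_EMPLOYEES = [
    ("123456789", "John", "B", "Smith", "1965-01-09", "731 Fondren", "M", 30000, "333445555"),
    ("333445555", "Franklin", "T", "Wong", "1955-12-08", "638 Voss", "M", 40000, "888665555"),
]


def make_db():
    """In-memory SQLite stand-in for the SQL Server database; the schema is assumed."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE [Employee] ([Ssn] TEXT PRIMARY KEY, [Fname] TEXT, [Minit] TEXT,"
        " [Lname] TEXT, [Bdate] TEXT, [Address] TEXT, [Sex] TEXT, [Salary] INTEGER,"
        " [Super_ssn] TEXT)"
    )
    con.executemany("INSERT INTO [Employee] VALUES (?,?,?,?,?,?,?,?,?)", SAMPLE_EMPLOYEES)
    con.commit()
    return con


def table_exists(con, name="Employee"):
    """True while the named table is still present in the catalogue."""
    row = con.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row[0] == 1


def build_concatenated_sql(ssn):
    """The question's query built the same way (stray ')' removed): whatever is
    typed into the SSN box becomes part of the SQL text itself."""
    return "SELECT * FROM [Employee] WHERE [Ssn] = '" + ssn.strip() + "'"


def lookup_concatenated(con, ssn):
    """Vulnerable lookup: a single statement, but the WHERE clause is attacker-controlled."""
    return con.execute(build_concatenated_sql(ssn)).fetchall()


def run_as_batch(con, sql):
    """Assumed helper: emulates SQL Server batch execution (every statement in the
    command text runs) on SQLite, which executes one statement per call.
    Splitting on ';' is enough for this demonstration; it is not a SQL parser."""
    for stmt in sql.split(";"):
        stmt = stmt.strip()
        if not stmt or stmt.startswith("--"):
            continue  # the "--'" tail is a comment that swallows the closing quote
        con.execute(stmt)


def lookup_concatenated_as_batch(con, ssn):
    """Runs the concatenated query the way SqlCommand would on SQL Server and
    reports whether the [Employee] table survived."""
    run_as_batch(con, build_concatenated_sql(ssn))
    return table_exists(con)


def lookup_parameterised(con, ssn):
    """Safe lookup with the shape of the accepted answer: the SQL text is fixed
    and the input is bound to @SSN, so it is only ever compared as data."""
    sql = "SELECT * FROM [Employee] WHERE [Ssn] = @SSN"
    return con.execute(sql, {"SSN": ssn.strip()}).fetchall()


if __name__ == "__main__":
    con = make_db()
    print(lookup_concatenated(con, "123456789"))             # the one intended row
    leak = "' OR '1'='1"                                      # turns the WHERE into "always true"
    print(len(lookup_concatenated(con, leak)))               # every employee record
    print(len(lookup_parameterised(con, leak)))              # 0: no SSN equals that literal string
    print(lookup_concatenated_as_batch(con, "'; DROP TABLE Employee; --"))  # table is gone
```

The first payload needs no batch support at all: a single SELECT with an attacker-chosen WHERE clause already returns every row keyed by SSN, which is why "I only run one statement" is not a defence. The parameterised version returns nothing for the same input because the database compares the bound string literally; the quote characters never reach the parser.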
1

There is a syntax error near your SQL statement, so you need to remove the unneeded ) to make the statement work:

Dim cmd As New SqlCommand("SELECT * FROM [Employee] WHERE [Ssn] = '" & Trim(Me.txtssn.Text) & "'", con)