da.Fill(ds, "Employee")
有一個問題,我沒有任何線索,解決這個問題。誰能幫忙?
這是我的實際代碼:
Private Sub btnsearch_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnsearch.Click
Dim da As New SqlClient.SqlDataAdapter
Dim ds As New DataSet
Dim dt As New DataTable
If txtssn.Text = "" Then
MsgBox("Please input SSN.", MsgBoxStyle.Exclamation, "Company Records - Employee")
Else
con.Open()
Dim cmd As New SqlCommand("SELECT * FROM [Employee] WHERE [Ssn] = '" & Trim(Me.txtssn.Text) & "')", con)
da.SelectCommand = cmd
da.Fill(ds, "Employee")
dt = ds.Tables("Employee")
If (dt.Rows.Count > 0) Then
Me.txtfname.Text = dt.Rows(0).Item(1)
Me.txtmi.Text = dt.Rows(0).Item(2)
Me.txtlname.Text = dt.Rows(0).Item(3)
Me.dtpbdate.Text = dt.Rows(0).Item(5)
Me.txtaddress.Text = dt.Rows(0).Item(6)
Me.cmbsex.Text = dt.Rows(0).Item(7)
Me.txtsalary.Text = dt.Rows(0).Item(8)
Me.cmbsuperssn.Text = dt.Rows(0).Item(9)
'Me.cmbdept.Text =
btnedit.Enabled = True
btndelete.Enabled = True
editable()
Else
MsgBox("Record Not Found", MsgBoxStyle.Information + MsgBoxStyle.OkOnly, "Company Records - Employee")
End If
con.Close()
End If
魔鬼在我說:輸入''; DROP TABLE Employee; - ',但我更喜歡說:閱讀關於Sql注入 – Steve 2014-10-06 07:25:41