更新时间:2023-10-08 11:39:16
索引是基于select语句中列的位置,你有
index is based on position of column in your select statement, you have
ContractBuyerCode,ContractBuyerName,ContractSBU,ContractProjectName,ContractPrjUnitDesc,ContractModel,ContractStatus
列。所以ContractBuyerCode有0索引,ContractBuyerName有索引1,所以...
相应地改变代码
columns in your select sql. so ContractBuyerCode has 0 index, ContractBuyerName has index 1, so on...
change the code accordingly
并添加到索引起点的答案:为了避免SQL注入,数据转换问题等,您应该在查询中使用SqlParameter
,而不是直接将文本框中的值连接到SQL语句。
所以你的代码看起来像
And to add to the answer concerning indexing start point: To be safe from SQL injections, data conversion problems etc, you should useSqlParameter
in your queries instead of directly concatenating values from the text boxes to the SQL statement.
So you code could look something like
...
SqlCommand searchquery = new SqlCommand(
"SELECT tc.ContractBuyerCode,
tc.ContractBuyerName,
tc.ContractSBU,
tc.ContractProjectName,
tc.ContractPrjUnitDesc,
tc.ContractModel,
tc.ContractStatus
FROM MC.tblContracts tc
WHERE tc.ContractCompanyCode = @ContractCompanyCode
AND tc.ContractNo = @ContractNo", amicassaCon_repgen);
searchquery.Parameters.Add( new SqlParameter() {
ParameterName = "@ContractCompanyCode",
DbType = SqlDbType.VarChar,
Size = 100,
Value = company_code.Text }; // Remember to validate the data first?
searchquery.Parameters.Add( new SqlParameter() {
ParameterName = "@ContractNo",
DbType = SqlDbType.Int,
Value = contract_no.Text };
SqlDataReader dr = searchquery.ExecuteReader();
...
欲了解更多信息,请参阅:
- SQL注入 [ ^ ]
- SqlParameter类 [ ^ ]
查看此
如何操作-i-set-my-labels-text-with-a-value-from-the-database [ ^ ]
希望它会有所帮助......
Check this
how-do-i-set-my-labels-text-with-a-value-from-the-database[^]
Hope it will help...