Updated: 2021-12-26 01:25:31
First of all, you should avoid SqlInjection by creating parameterized queries.
Assuming that you'd like to display data corresponding to a date range defined by the user (Text1.Text), you can try something like this:
Imports System.Data
Imports System.Data.OleDb

' con is an existing OleDbConnection; the single "?" is filled by the number of days
Dim sql As String = String.Format("SELECT <Field_List> {0} FROM Tpegawai {0} WHERE DateDiff('d', Date(), thmasuk) <= ?", Environment.NewLine)
con.Open()
Dim dt As DataTable = New DataTable()
Using command As OleDbCommand = New OleDbCommand(sql, con)
    ' OleDb parameters are positional, so the name is only a label; the value must be a number
    command.Parameters.AddWithValue("@days", Integer.Parse(Me.Text1.Text))
    ' ExecuteReader (not ExecuteNonQuery, which returns an Integer) gives the rows
    Using oRdr As OleDbDataReader = command.ExecuteReader()
        dt.Load(oRdr)
    End Using
End Using
con.Close()
' dt holds the data; you can bind it with DataGridView.DataSource
DataGridView1.DataSource = dt
For more details, see:
OleDbCommand.Parameters Property (System.Data.OleDb)
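The answer's point is that the user's text must be passed as a parameter rather than spliced into the SQL string. The following VB.NET class is an added illustration, not the answer author's code: it shows the concatenation pattern the answer warns against next to a hardened version that validates the input as an integer and sends it as an OleDb parameter. It assumes an Access/Jet-style connection string, the table and column names from the answer (Tpegawai, thmasuk) and a hypothetical column name nama.

```vb
Imports System
Imports System.Data
Imports System.Data.OleDb

' Added example, not from the original answer. Assumes a Jet/Access OleDb
' connection string and a hypothetical column "nama" in Tpegawai.
Public Class PegawaiQuery
    Private ReadOnly connStr As String

    Public Sub New(connectionString As String)
        connStr = connectionString
    End Sub

    ' Pattern to avoid: the user's text becomes part of the statement itself,
    ' so whatever is typed can change the WHERE clause. Kept only for contrast.
    Public Function BuildUnsafeSql(userText As String) As String
        Return "SELECT nama, thmasuk FROM Tpegawai WHERE DateDiff('d', Date(), thmasuk) <= " & userText
    End Function

    ' Hardened version: reject anything that is not a whole number, then pass the
    ' value as a typed parameter so the database never treats it as SQL text.
    Public Function LoadSafe(userText As String) As DataTable
        Dim days As Integer
        If Not Integer.TryParse(userText, days) Then
            Throw New ArgumentException("Enter a whole number of days.", NameOf(userText))
        End If

        Const sql As String = "SELECT nama, thmasuk FROM Tpegawai WHERE DateDiff('d', Date(), thmasuk) <= ?"
        Dim dt As New DataTable()
        Using con As New OleDbConnection(connStr)
            Using command As New OleDbCommand(sql, con)
                ' OleDb parameters are positional: this one fills the single "?"
                command.Parameters.Add("@days", OleDbType.Integer).Value = days
                con.Open()
                Using reader As OleDbDataReader = command.ExecuteReader()
                    dt.Load(reader)
                End Using
            End Using
        End Using
        Return dt
    End Function
End Class
```

In the form, `DataGridView1.DataSource = New PegawaiQuery(connStr).LoadSafe(Text1.Text)` replaces the open/close sequence from the answer; the `Using` blocks close the connection and reader even if the query throws, and the TryParse check gives the user a clear message instead of a database error when the text box holds something other than a number.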