问题说:
参数太少。预期 1.
这是我的数据库表:
CustomerOrder [CustomerOrder(OrderId, ProdName, ProdPrice, OrderQty, CatName, OrderDate]
法典:
con.Open();
OleDbCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "INSERT INTO CustomerOrder(OrderId, ProdName, ProdPrice, OrderQty, CatName, OrderDate)values('" + txtOrderCode.Text + "','" + txtProdName.Text + "', '" + txtProdPrice.Text + "', '" + txtOrderQty.Text + "', '" + txtCatName.Text + "', '" + txtOrderDate.Text + "')";
cmd.ExecuteNonQuery();
tabControl1.SelectedTab = tabPage1;
DataTable dt = new DataTable();
OleDbDataAdapter da = new OleDbDataAdapter(cmd);
da.Fill(dt);
dataGridView1.DataSource = dt;
con.Close();
int ordercode, orderqty;
double price;
string prodname, catname;
ordercode = Convert.ToInt32(txtOrderCode.Text);
orderqty = Convert.ToInt32(txtOrderQty.Text);
price = Convert.ToDouble(txtProdPrice.Text);
prodname = Convert.ToString(txtProdName.Text);
我建议您改用参数化查询,因为它可以防止您遭受 SQL 注入攻击。 下面是一个如何与您的代码一起使用的小示例
String SqlCommand = "insert into CUSTOMERORDER values (@OrderId, @ProdName,@ProdPrice,@OrderQty, @CatName,@OrderDate)";
SqlCommand cmd = new SqlCommand(SqlCommand , //ConnectionString);
cmd.CommandType = CommandType.Text;
conn.Open();
cmd.Parameters.AddWithValue("@OrderId", txtOrderCode.Text);
cmd.Parameters.AddWithValue("@ProdName", txtProdName.Text );
cmd.Parameters.AddWithValue("@ProdPrice", txtProdPrice.Text);
cmd.Parameters.AddWithValue("@OrderQty", txtOrderQty.Text);
cmd.Parameters.AddWithValue("@CatName", txtCatName.Text.Text);
cmd.Parameters.AddWithValue("@OrderDate", txtOrderDate.Text);
cmd.ExecuteNonQuery();
conn.Close();
阅读 SQL 注入攻击。 这样做更容易,更清洁,最重要的是更安全。 此外,在查看代码时,您将在运行 Sql 命令后设置文本框值