没有给出一个或多个必需参数的值/ SQL应该是正确的

Question

问

没有给出一个或多个必需参数的值/ SQL应该是正确的

发布于 2023-02-08 13:34

程序在adapter.Fill(datatable)给出错误的行停止:oleDbException为Unhandled:没有给出一个或多个必需参数的值.

当我将SQL复制到访问中时,没有给出错误..

SQL:

public static List AllMoviesSameActor(string lastName)
{
   string command;
   command = "SELECT movieId, name, headActor, Director, ReleaseDate, lenghtMin"
           + "FROM Movies" +
            " WHERE headactor =  " + lastName ;
   OleDbDataAdapter adapter = new OleDbDataAdapter(command, connectionString);
   DataTable datatable = new DataTable();
   adapter.Fill(datatable);

   List list= new List();
   for (int i = 0; i < datatable.Rows.Count; i++)
   {
      Movie movie = new Movie();
      movie.movieId = datatable.Rows[i].Field("movieId");
      movie.name = datatable.Rows[i].Field("name");
      movie.headActor = datatable.Rows[i].Field("headActor");
      movie.director = datatable.Rows[i].Field("director");
      movie.releaseDate = datatable.Rows[i].Field("releaseDate");
      movie.lenghtMin = datatable.Rows[i].Field("lenghtMin");
      list.Add(movie);
   }   
   return list;
}

表格中的代码:

public FormMoviesSameActor()
{
   InitializeComponent();
   List actors = Actor.AllActors();
   comboBoxActeur.DataSource = actors;
   comboBoxActeur.DisplayMember = "LastName";
   comboBoxActeur.ValueMember = "LastName";
}

private void buttonSearchMovies_Click(object sender, EventArgs e)
{
   Actor dedicatedActor = new Actor();
   dedicatedActor.LastName = Convert.ToString(comboBoxActeur.SelectedValue);
   listBox1.DataSource = dedicatedActor.Movies;
   listBox1.DisplayMember = "AllData";
}

Actor.Movies方法如下所述

public List Movies
{
   get { return Movie.AllMoviesSameActor(this.lastName); 
}

Steve.. 7

当您收到此错误时,表示Access Engine无法正确找到您的一个或多个列名或整个表名.

因此,第一步是确保列的名称是正确的.
特别是minLenght看起来不对(minLength ???)

字符串连接也包含错误.缺少FROM子句之前的空格,但这应该抛出语法错误,而不是缺少参数.

command = "SELECT movieId, name, headActor, Director, ReleaseDate, lenghtMin " +  // space added
          "FROM Movies WHERE headactor =  " + lastName ;

最后,该headactor字段似乎是一个文本字段,如果这是真的,您需要在lastName变量周围使用单引号.但我建议使用参数化查询

 command = "SELECT movieId, name, headActor, Director, ReleaseDate, lenghtMin " +
          "FROM Movies WHERE headactor =  ?";

 OleDbDataAdapter adapter = new OleDbDataAdapter(command, connectionString);
 adapter.SelectCommand.Parameters.AddWithValue("@p1", lastName);
 .....

TyCobb.. 5

你有几个问题.用这个:

command = "SELECT movieId, name, headActor, Director, ReleaseDate, lenghtMin"
        + " FROM Movies" +
        " WHERE headActor =  '" + lastName + "'";

基本上你错过了你FROM和最后一列之间的空格.你也错过了你周围的字符串限定符lastName.

如果你正在为生产做些什么,你不应该这样做.您应该研究使用参数化查询.

参数化查询如何帮助SQL注入？

正如Brian指出的那样,您的列名也与您尝试从数据行字段中检索的列名不匹配.您需要使用正确的名称更正此问题.

2 个回答

你有几个问题.用这个:
```
command = "SELECT movieId, name, headActor, Director, ReleaseDate, lenghtMin"
        + " FROM Movies" +
        " WHERE headActor =  '" + lastName + "'";
```
基本上你错过了你FROM和最后一列之间的空格.你也错过了你周围的字符串限定符lastName.

如果你正在为生产做些什么,你不应该这样做.您应该研究使用参数化查询.

参数化查询如何帮助SQL注入？

正如Brian指出的那样,您的列名也与您尝试从数据行字段中检索的列名不匹配.您需要使用正确的名称更正此问题.
2023-02-08 13:38 回答

13578945682a_699
当您收到此错误时,表示Access Engine无法正确找到您的一个或多个列名或整个表名.

因此,第一步是确保列的名称是正确的.
特别是minLenght看起来不对(minLength ???)

字符串连接也包含错误.缺少FROM子句之前的空格,但这应该抛出语法错误,而不是缺少参数.
```
command = "SELECT movieId, name, headActor, Director, ReleaseDate, lenghtMin " +  // space added
          "FROM Movies WHERE headactor =  " + lastName ;
```
最后,该headactor字段似乎是一个文本字段,如果这是真的,您需要在lastName变量周围使用单引号.但我建议使用参数化查询
```
 command = "SELECT movieId, name, headActor, Director, ReleaseDate, lenghtMin " +
          "FROM Movies WHERE headactor =  ?";

 OleDbDataAdapter adapter = new OleDbDataAdapter(command, connectionString);
 adapter.SelectCommand.Parameters.AddWithValue("@p1", lastName);
 .....
```
2023-02-08 13:38 回答

穿行来回间

撰写答案