Geek Answers Handbook

Choosing an operator that ignores parameters?

When I use this code, it returns every row in the table, and I have no idea why.

string SelectOleDb = "SELECT Top 1 * From `Employee Info` Where [Employee Name]=@EmployeeName" Order By ID DESC";

OleDbConnection OleDbCon = new OleDbConnection(EmployeeInfo.Properties.Settings.Default.cstrEmployeeInfoDatabase);
OleDbDataAdapter OleDbAdpt = new OleDbDataAdapter();
OleDbCommand OleDbCom = new OleDbCommand(SelectOleDb, OleDbCon);
OleDbCom.Parameters.AddWithValue("@EmployeeName", employee_NameComboBox.Text);
OleDbAdpt.SelectCommand = OleDbCom;

DataSet FooDS = new DataSet();
OleDbCon.Open();
OleDbAdpt.Fill(FooDS);
OleDbCon.Close();
OleDbCon.Dispose();
DataTable EmployeeInfo = FooDS.Tables[0];

And even copy the value in the "Employee Name" column to the text box to make sure that I used the real name of the employee. I would expect that nothing will be returned, and not all if the statement was incorrect.

UPDATE: I also tried removing the Named parameter "@EmployeeName" and entering a hard name surrounded by single quotes. However, the operator still returns information about the employees.

0
source share
3 answers

, OleDb ? . . , . , .

OleDB , , EITHER (Ticks), .

, . , _ ( ) . (Ticks) . , , - "" () _ ( )

, "(Ticks)", "" () _ ( ), .

:

        string SelectOleDb = "SELECT Top 1 * From [Employee Info] Where Employee_Name= @EmployeeName Order By ID DESC";

        OleDbConnection OleDbCon = new OleDbConnection(EmployeeInfo.Properties.Settings.Default.cstrEmployeeInfoDatabase);
        OleDbDataAdapter OleDbAdpt = new OleDbDataAdapter();
        OleDbCommand OleDbCom = new OleDbCommand(SelectOleDb, OleDbCon);
        OleDbCom.Parameters.AddWithValue("@EmployeeName", employee_NameComboBox.Text);
        OleDbAdpt.SelectCommand = OleDbCom;

            DataSet EmployeeInfoDS = new DataSet();
            OleDbCon.Open();
            OleDbAdpt.Fill(EmployeeInfoDS);
            OleDbCon.Close();
            OleDbCon.Dispose();
            DataTable EmployeeInfoDT = EmployeeInfoDS.Tables[0];
+1

, DataSet s:

DataSet FooDS = new DataSet();   // <-- FooDS?
OleDbCon.Open();
OleDbAdpt.Fill(ExpediteDS);   // <-- filing a different dataset?
OleDbCon.Close();
OleDbCon.Dispose();
DataTable EmployeeInfo = FooDS.Tables[0];  // <-- not the dataset you just filled!

/, , , - "dummy" , , .

+3

MSDN:

OLE DB.NET SQL , OleDbCommand, CommandType Text. (?).

OLEDB SQL Server ? , . .

, :

        string SelectOleDb = "SELECT Top 1 * From users Where [application_user_name]=? Order By application_user_id DESC";

        OleDbConnection OleDbCon = new OleDbConnection("Provider=SQLOLEDB;Data Source=SERVER\\INSTANCE;Initial Catalog=samples;Trusted_Connection=yes");

        OleDbDataAdapter OleDbAdpt = new OleDbDataAdapter();
        OleDbCommand OleDbCom = new OleDbCommand(SelectOleDb, OleDbCon);
        OleDbCom.Parameters.AddWithValue("@EmployeeName", "smith");
        OleDbAdpt.SelectCommand = OleDbCom;

        DataSet ExpediteDS = new DataSet();

        DataSet FooDS = new DataSet();
        OleDbCon.Open();
        OleDbAdpt.Fill(ExpediteDS);
        OleDbCon.Close();
        OleDbCon.Dispose();

it is important to note that with OLEDB the order of the parameters matters. You must add them to the ParameterCollection in the order in which you want them to be referenced in the request.

0
source

More articles:


All Articles