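I'd like to ask about the ComboBox2 part below: whatever I try, it doesn't pick up the combobox value selected on the Form.
This parameter is the name of one of the table's columns; I made it a ComboBox so the user can pick which item's date to use (the dates are hard-coded for now for testing).
I don't know how to solve this.
Changing it to a hard-coded TextBox.Text gives the same result, but writing it directly in the str statement works.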
Dim str1 As String = "select * from MS_DailyProjectPlan left join MS_Product on MS_DailyProjectPlan.PlanNo=MS_Product.PlanNo left join MS_CCDRecord on MS_Product.ProductNo=MS_CCDRecord.BarcodeNo where MS_DailyProjectPlan.CPNO_PNO = @PNO AND @STA between '2023/10/10 00:00:00' and '2023/10/11 23:59:59' "
Dim cmdd1 As New SqlCommand(str1, cn)
If Not String.IsNullOrEmpty(PNOCOMB.Text) Then
    cmdd1.Parameters.Add("@PNO", SqlDbType.NVarChar, 30).Value = PNOCOMB.Text
End If
If Not String.IsNullOrEmpty(ComboBox2.Text) Then
    cmdd1.Parameters.AddWithValue("@STA", ComboBox2.Text)
End If
''''''''''''
'''''
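You could check this:
A pitfall when replacing text in C#: how to get the SQL command string with the parameter values substituted in ADO.NET
https://coolmandiary.blogspot.com/2021/04/c.html
Also, regarding parameterized queries:
Building programming habits that stand up to source-code security vulnerability scanning (4)_1. Injection attacks_SQL Injection_Correctly parameterizing the ORDER BY clause
https://coolmandiary.blogspot.com/2021/04/1injectionsql-injectionorder-by.html
Building programming habits that stand up to source-code security vulnerability scanning (4)_2. Injection attacks_SQL Injection_Correctly parameterizing the IN clause
https://coolmandiary.blogspot.com/2021/10/2injectionsql-injectionin.html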
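
An added example, not code from either post: a SQL parameter binds a value, never a column name, so `@STA between ...` compares the selected text itself with the two date literals. The sketch below maps the ComboBox selection through an allowlist to a column and keeps every value parameterized. The column names PlanDate, ProductDate and RecordDate, the function BuildCommand and the parameters @FROM and @TO are assumptions for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Data.SqlClient

Module DateColumnQuery
    ' Hypothetical column names: the post does not list the date columns offered
    ' in ComboBox2. Key = text shown to the user, value = qualified column.
    Private ReadOnly AllowedDateColumns As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase) From {
        {"PlanDate", "MS_DailyProjectPlan.[PlanDate]"},
        {"ProductDate", "MS_Product.[ProductDate]"},
        {"RecordDate", "MS_CCDRecord.[RecordDate]"}
    }

    ' The column is taken from the allowlist only; all values remain parameters.
    Function BuildCommand(cn As SqlConnection, pno As String, selectedColumn As String,
                          fromDate As DateTime, toDate As DateTime) As SqlCommand
        Dim column As String = Nothing
        If selectedColumn Is Nothing OrElse Not AllowedDateColumns.TryGetValue(selectedColumn.Trim(), column) Then
            Throw New ArgumentException("Unknown date column: " & selectedColumn)
        End If

        Dim sql As String =
            "select * from MS_DailyProjectPlan " &
            "left join MS_Product on MS_DailyProjectPlan.PlanNo = MS_Product.PlanNo " &
            "left join MS_CCDRecord on MS_Product.ProductNo = MS_CCDRecord.BarcodeNo " &
            "where MS_DailyProjectPlan.CPNO_PNO = @PNO " &
            "and " & column & " between @FROM and @TO"

        Dim cmd As New SqlCommand(sql, cn)
        cmd.Parameters.Add("@PNO", SqlDbType.NVarChar, 30).Value = pno
        cmd.Parameters.Add("@FROM", SqlDbType.DateTime).Value = fromDate
        cmd.Parameters.Add("@TO", SqlDbType.DateTime).Value = toDate
        Return cmd
    End Function

    Sub Main()
        Using cn As New SqlConnection() ' never opened: only the command text is inspected
            Dim cmd = BuildCommand(cn, "P001", "PlanDate", New DateTime(2023, 10, 10), New DateTime(2023, 10, 11, 23, 59, 59))
            Console.WriteLine(cmd.CommandText)
            Try
                BuildCommand(cn, "P001", "NotAColumn", DateTime.Today, DateTime.Today) ' constructed invalid input
            Catch ex As ArgumentException
                Console.WriteLine("Rejected: " & ex.Message)
            End Try
        End Using
    End Sub
End Module
```

In the form, `BuildCommand(cn, PNOCOMB.Text, ComboBox2.Text, fromDate, toDate)` would replace the string-building and `AddWithValue("@STA", ...)` lines.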