I am working 开发者_C百科vb.net in visual stdio 2005.
I want to delete a row from my table the tables's name is displayed in listbox, when I press delete button in my app nothing happen's. Private Sub cmdDELETE_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdDELETE.Click
Me.SqlConnection1.Open()
Dim mycom As SqlCommand
Dim ra As Integer
mycom = New SqlCommand("DELETE @PICTUREDATA From pic WHERE
(NAME = '+ ListBox1.SelectedItem + ')", Me.SqlConnection1)
ra = mycom.ExecuteNonQuery()
MessageBox.Show("ROWS AFFECTED " & ra)
Me.SqlConnection1.Close()
End Sub
any help plzz
If you have copy-pasted the code, there is at least one error with quoting. It should be like this:
mycom = New SqlCommand("DELETE @PICTUREDATA From pic WHERE
(NAME = '" + ListBox1.SelectedItem + "')", Me.SqlConnection1
But you should really consider using the SqlCommand.Parameters collection to add your input data. Your code is open to SQL injection attacks.
精彩评论