Using textbox in limit sql query
Question
Normally I've been using this statement and it works:
"SELECT * FROM tablename LIMIT 10"
And I've tried this, but it gives an error saying there is an error in the SQL syntax:
"SELECT * FROM tablename LIMIT '" + TextBox1.Text + "' "
Answer 1
Score: 0
See how the first statement, which works, has no quotes and the second one, which does not work, does? You need to follow the pattern of the first one.
However, you need to parse TextBox1.Text into an integer and concatenate that into the string to prevent SQL injection attacks, so...
Dim lim = Integer.Parse(TextBox1.Text)
Dim sql = "SELECT * FROM [tablename] LIMIT " & lim
You may want to use TryParse instead to check a valid number was supplied.
(Also, the string concatenation operator in VB.NET is &, not +.)