1 
Imports System.Data
Imports System.Data.SqlClient


Public Class Form2
    Private Sub button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim cmd As SqlCommand
        Dim conn As SqlConnection
        Dim dr2 As SqlDataReader

        Dim sql = "SELECT room number,date,ddate FROM date WHERE room number = '" & nametxt.Text & "' AND date >= '" & DateTimePicker1.Text & "'AND ddate <= '" & DateTimePicker1.Text & "'OR Room number = '" & nametxt.Text & "'AND date = '" & DateTi    mePicker1.Text & "' "
        conn = New SqlConnection("Data Source=zahid\sqlexpress;Initial Catalog=test;Integrated Security=True")
        conn.Open()

        cmd = New SqlCommand(sql, conn)


        Try
            dr2 = cmd.ExecuteReader
            If dr2.Read = True Then
                MessageBox.Show("room not available...")
            Else
                MessageBox.Show("Login Successful...")
            End If
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try

        If conn.State <> ConnectionState.Closed Then
            conn.Close()
        End If

    End Sub
End Class
4

1 に答える 1

1

名前にスペースを含むフィールドがある場合は、角括弧で囲む必要があります

Dim sql = "SELECT [room number,date,ddate FROM date WHERE [room number] = " & _
         "'" & nametxt.Text & "' AND date >= '" & DateTimePicker1.Text & _
         "'AND ddate <= '" & DateTimePicker1.Text & "'OR [Room number] = '" & _ 
         "nametxt.Text & "'AND date = '" & DateTimePicker1.Text & "' "

文字列の連結を絶対に削除し、パラメーター化されたクエリを使用する必要があると述べました。論理条件をより適切にグループ化するために括弧も付けます

Dim sql = "SELECT [room number],date,ddate FROM date WHERE " & _
          "([room number] = @rnum  AND date >= @dt AND ddate <= @dt) " & _
          " OR ([Room number] = @rnum AND date = @dt)"

クエリ テキストがパラメーターで簡略化されたので、最初のブロックに既に含まれているため、条件 OR が不要であることが簡単にわかります。

したがって、コードは次のように記述できます

Dim sql = "SELECT [room number],date,ddate FROM date WHERE " & _
          "[room number] = @rnum  AND date >= @dt AND ddate <= @dt " 

Using conn = New SqlConnection("Data Source=zahid\sqlexpress;Initial Catalog=test;Integrated Security=True")
Using cmd = New SqlCommand(sql, conn)
    conn.Open()
    cmd.Parameters.AddWithValue("@rnum", nametxt.Text)
    cmd.Parameters.AddWithValue("@dt", DateTimePicker1.Value)
    Try
        Using dr2 = cmd.ExecuteReader
            ' Probably this test is wrong....
            If dr2.Read = True Then
                MessageBox.Show("room not available...")
            Else
                MessageBox.Show("Login Successful...")
            End If
        End Using
    Catch ex As Exception
        MsgBox(ex.Message)
    End Try
End Using
End Using
If conn.State <> ConnectionState.Closed Then
    conn.Close()
End If
于 2013-07-22T07:34:58.657 に答える