cmd.ExecuteNonQuery() 하나 이상의 필수 매개 변수에 값이 지정되지 않았습니다.

Question

데이터를 추가 할 수는 없지만 코드에 오류가없는 경우 하나 이상의 필수 매개 변수에 항상 값이 표시되지 않습니다. 누군가 내 프로젝트를 도와 줄 수 있습니까? .........................................

Public Class frmStudent 
    Dim cnn As New OleDb.OleDbConnection 

    Private Sub btnClose_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnClose.Click 
     Me.Close() 
    End Sub 

    Private Sub btnClear_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnClear.Click 
     Me.txtstdID.Text = "" 
     Me.txtStdName.Text = "" 
     Me.txtPhone.Text = "" 
     Me.txtAddress.Text = "" 
     Me.txtstdID.Tag = "" 
     'enable button edit 
     Me.btnEdit.Enabled = True 
     'set button add to add label 
     Me.btnAdd.Text = "Add" 
     ' 
     Me.txtstdID.Focus() 
    End Sub 

    Private Sub RefreshData() 
     If Not cnn.State = ConnectionState.Open Then 
      'open connection 
      cnn.Open() 
     End If 

     Dim da As New OleDb.OleDbDataAdapter("SELECT stdid as [ID], " & _ 
              "stdname as [Name], Gender, Phone, Address " & _ 
              " FROM student ORDER BY stdid", cnn) 
     Dim dt As New DataTable 
     'fill data to datatable 
     da.Fill(dt) 

     'offer data in data table into datagridview 
     Me.dgvData.DataSource = dt 

     'close connection 
     cnn.Close() 
    End Sub 

    Private Sub btnAdd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnAdd.Click 
     Dim cmd As New OleDb.OleDbCommand 
     If Not cnn.State = ConnectionState.Open Then 
      'open connection if it is not yet open 
      cnn.Open() 
     End If 

     cmd.Connection = cnn 
     'check whether add new or update 
     If Me.txtstdID.Tag & "" = "" Then 
      'add new 
      'add data to table 
      cmd.CommandText = "INSERT INTO student(stdid, stdname, gender, phone, address) " & _ 
          " VALUES(" & Me.txtstdID.Text & ",'" & Me.txtStdName.Text & "','" & _ 
          Me.cboGender.Text & "','" & Me.txtPhone.Text & "','" & _ 
          Me.txtAddress.Text & "')" 
      cmd.ExecuteNonQuery() 
     Else 
      'update data in table 
      cmd.CommandText = "UPDATE student " & _ 
         " SET stdid=" & Me.txtstdID.Text & _ 
         ", stdname='" & Me.txtStdName.Text & "'" & _ 
         ", gender='" & Me.cboGender.Text & "'" & _ 
         ", phone='" & Me.txtPhone.Text & "'" & _ 
         ", address='" & Me.txtAddress.Text & "'" & _ 
         " WHERE stdid=" & Me.txtstdID.Tag 
      cmd.ExecuteNonQuery() 
     End If 
     'refresh data in list 
     RefreshData() 
     'clear form 
     Me.btnClear.PerformClick() 

     'close connection 
     cnn.Close() 
    End Sub 

    Private Sub frmStudent_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load 
     cnn = New OleDb.OleDbConnection 
     cnn.ConnectionString = "Provider=Microsoft.Jet.Oledb.4.0; Data Source=" & Application.StartupPath & "\data.mdb" 
     ' 
     'get data into list 
     Me.RefreshData() 
    End Sub 

    Private Sub btnEdit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnEdit.Click 
     'check for the selected item in list 
     If Me.dgvData.Rows.Count > 0 Then 
      If Me.dgvData.SelectedRows.Count > 0 Then 
       Dim intStdID As Integer = Me.dgvData.SelectedRows(0).Cells("id").Value 
       'get data from database followed by student id 
       'open connection 
       If Not cnn.State = ConnectionState.Open Then 
        cnn.Open() 
       End If 
       'get data into datatable 
       Dim da As New OleDb.OleDbDataAdapter("SELECT * FROM student " & _ 
                " WHERE stdid=" & intStdID, cnn) 
       Dim dt As New DataTable 
       da.Fill(dt) 

       Me.txtstdID.Text = intStdID 
       Me.txtStdName.Text = dt.Rows(0).Item("stdname") 
       Me.cboGender.Text = dt.Rows(0).Item("gender") 
       Me.txtPhone.Text = dt.Rows(0).Item("phone") 
       Me.txtAddress.Text = dt.Rows(0).Item("address") 
       ' 
       'hide the id to be edited in TAG of txtstdid in case id is changed 
       Me.txtstdID.Tag = intStdID 
       'change button add to update 
       Me.btnAdd.Text = "Update" 
       'disable button edit 
       Me.btnEdit.Enabled = False 
       'close connection 
       cnn.Close() 
      End If 
     End If 
    End Sub 

    Private Sub btnDelete_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnDelete.Click 
     'check for the selected item in list 
     If Me.dgvData.Rows.Count > 0 Then 
      If Me.dgvData.SelectedRows.Count > 0 Then 
       Dim intStdID As Integer = Me.dgvData.SelectedRows(0).Cells("id").Value 
       'open connection 
       If Not cnn.State = ConnectionState.Open Then 
        cnn.Open() 
       End If 

       'delete data 
       Dim cmd As New OleDb.OleDbCommand 
       cmd.Connection = cnn 
       cmd.CommandText = "DELETE FROM student WHERE stdid=" & intStdID 
       cmd.ExecuteNonQuery() 
       'refresh data 
       Me.RefreshData() 

       'close connection 
       cnn.Close() 
      End If 
     End If 
    End Sub 
End Class 

Answer 1

OleDB는 물음표 ?을 매개 변수 자리 표시 자로 사용합니다. 어떤 텍스트 상자에 ?이 있으면 제목에서 언급 한 오류가 표시됩니다.

helrich가 말했듯이 검색어를 매개 변수화해야합니다. 이것은 또한 DB에 대한 SQL 주입을 방지합니다. (이것은 삽입뿐만 아니라 모든 쿼리에 적용됩니다.)

관련이 없지만 OleDBCommand는 IDisposable 인터페이스를 구현하므로 처리하거나 사용 블록 내에서 사용해야합니다.

Using cmd As New OleDBCommand() 
    '... some code omitted for brevity ... 
    cmd.CommandText = "INSERT INTO student(stdid, stdname, gender, phone, address) VALUES(?, ?, ?, ?, ?);" 

    'Add the parameters specified. 
    'OleDB uses question marks as placeholders. 
    'Parameters must be added in the correct order. 
    cmd.Parameters.Add("stdid", txtstdID.Text) 
    cmd.Parameters.Add("stdname", txtStdName.Text) 
    cmd.Parameters.Add("gender", cboGender.Text) 
    cmd.Parameters.Add("phone", txtPhone.Text) 
    cmd.Parameters.Add("address", txtAddress.Text) 

    cmd.ExecuteNonQuery() 
    '... more code omitted for brevity ... 
End Using