我如何从Access数据库获取每周数据到VB.NET
请任何人帮助我,我只是制作一个微型金融类软件,有一个问题我想每周显示从访问数据库到vb.net datagrid视图的数据,但不能正常工作我的代码,
我将EntryDate插入储蓄条目作为Lable日期(lblSavingsEntryDate.Text = Date.Now.ToString(dd / MM / yyyy))喜欢这个
我尝试过:
这是我的代码
Please any one help me, I just making a micro finance type software, there was a problem I want to show every week data from access database to vb.net datagrid view but don't work my code,
I insert EntryDate into Savings Entry as Lable Date (lblSavingsEntryDate.Text = Date.Now.ToString("dd/MM/yyyy")) like this
What I have tried:
Here is my Code
Private Sub btnBalanceWeekly_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnBalanceWeekly.Click
Dim Sunday = DateTime.Now.AddDays((Today.DayOfWeek - DayOfWeek.Sunday) * -1).ToString("dd/MM/yyyy")
Dim todate = DateTime.Now.AddDays(0).ToString("dd/MM/yyyy")
Try
Dim sqlstr1 As String
sqlstr1 = "SELECT * FROM Receivedtbl WHERE EntryDate BETWEEN '" + Sunday + "' And '" + todate + "'"
Dim da As New OleDbDataAdapter(sqlstr1, conn2)
Dim dt As New DataTable("Receivedtbl")
da.Fill(dt)
dgvBalanceSavings.DataSource = dt
Catch ex As Exception
MessageBox.Show(ex.Message)
Finally
conn2.Close()
Me.BalanceTotalSeavings()
Me.BalanceGrpReceived()
Me.BalanceCusReceived()
End Try
End Sub
首先,正如理查德所说,停止使用字符串并使用正确的DateTime值 - 字符串总是使用文本比较进行比较,这意味着被比较的两个字符串中的第一个不同的字符形成整个比较的结果。
因此,如果你比较字符串并期望一个数字顺序,你得到
First off, as Richard says, stop using strings and use "proper" DateTime values - strings are always compared using text comparisons, which means that the first different character in the two strings being compared forms the result of the whole comparison.
So if you compare strings and expect a numeric order, you get
1
10
11
...
19
2
20
21
...
29
3基于字符串的日期更糟糕:
This is even worse with string based dates:
31/12/1901 > 1/1/2018因为第一个不同的字符是'3'和'1'所以甚至不考虑月份和年份。
所以存储你的日期在您的数据库中作为DATE,DATETIME或DATETIME2值,不要将VB DateTime值转换为字符串,并将它们作为参数传递给SQL查询而不是连接字符串。
当我们讨论串联时...从不连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。改为使用参数化查询。
连接字符串时会导致问题,因为SQL会收到如下命令:
because the first different characters are a '3' and a '1' so the month and year aren't even considered.
So store your dates in your DB as DATE, DATETIME, or DATETIME2 values, don;t convert your VB DateTime values to strings, and pass them as parameters to your SQL query instead of concatenating strings.
And while we are on the subject of concatenation ... Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'就SQL而言,用户添加的引号会终止字符串,并且您会遇到问题。但情况可能更糟。如果我来并改为输入:x'; DROP TABLE MyTable; - 然后SQL收到一个非常不同的命令:
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'哪个SQL看作三个单独的命令:
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';完全有效的SELECT
A perfectly valid SELECT
DROP TABLE MyTable;完全有效的删除表格通讯和
A perfectly valid "delete the table" command
--'其他一切都是评论。
所以它确实:选择任何匹配的行,从数据库中删除表,并忽略其他任何内容。
所以总是使用参数化查询!或者准备好经常从备份中恢复数据库。你经常定期备份,不是吗?
并完成整个应用程序的其余部分并确保你已经检查并修复了每一个命令:错过一个,你的数据库将会处于危险之中。
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
And go through the whole of the rest of your app and make absolutely sure you have checked and fixed every single command: miss one, and your DB will be at risk.