我们如何从SQL数据表中获取数据总和,并在datagridview中向人员显示总和值
问题描述:
这是我的SQL数据表和Datagridview表,我想得到数据库表中指定的人的和值,并在datagridview中显示。
i am only只获得一个人的细节其他是零,没有任何错误。你能不能请任何人帮我这样做。
here is my SQL Data Table and Datagridview table, i want to get the sum value of the person specified from database table and display in datagridview.
i am only getting only one person details other are zero without any error. Could you please anyone can help me to do so.
SQL DATA TABLE
StaffId StaffName INRDrAmt INRCrAmt
STF-01 Deepak Sasmal 5,000.00 0.00
STF-02 Abdul Vakil 3,000.00 0.00
STF-03 Arvind Soorma 7,000.00 0.00
STF-04 Anwar Khan 4,000.00 0.00
STF-05 Arvind Mohanty 1,000.00 0.00
STF-06 Raman Kumar 7,000.00 0.00
STF-01 Deepak Sasmal 9,000.00 0.00
STF-01 Deepak Sasmal 1,000.00 0.00
STF-01 Deepak Sasmal 0.00 11,000.00
STF-06 Raman Kumar 0.00 200.00
STF-02 Abdul Vakil 0.00 500.00
STF-03 Arvind Soorma 4,000.00
STF-03 Arvind Soorma 0.00 6,000.00
STF-04 Anwar Khan 1,000.00 0.00
STF-04 Anwar Khan 0.00 4,000.00
STF-04 Anwar Khan 0.00 1,500.00
DATA GRID VIEW
StaffId StaffName Total DrAmt Total CrAmt Balance
STF-01 Deepak Sasmal 15,000.00 11,000.00 4,000.00
STF-02 Abdul Vakil 0.00 0.00 0.00
STF-03 Arvind Soorma 0.00 0.00 0.00
STF-04 Anwar Khan 0.00 0.00 0.00
STF-05 Arvind Mohanty 0.00 0.00 0.00
STF-06 Raman Kumar 0.00 0.00 0.00
我尝试过:
What I have tried:
Dim Cmd As New SqlClient.SqlCommand
Dim Con As New SqlClient.SqlConnection
Dim Rd As SqlDataReader
Con.ConnectionString = "Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=dbase;Integrated Security=True;Pooling=False"
Cmd.Connection = Con
Con.Open()
Dim Row As DataGridViewRow
Dim Int As Integer
Row = Clientconsole.Dgvcltconsole.Rows(Int)
Cmd.CommandText = "Select [ClientName], ISNULL(Sum(INRCrAmt),0) as Credit, ISNULL(Sum(INRDrAmt),0) as Debit From ClientLdgr Where [ClientName]='" & Row.Cells(1).Value & "' GROUP BY [ClientName]"
Rd = Cmd.ExecuteReader
Rd.Read()
If Rd.Read Then
Row.Cells(2).Value = Rd.Item("Debit")
Row.Cells(3).Value = Rd.Item("Credit")
Row.Cells(4).Value = Rd.Item("Debit") - Rd.Item("Credit")
Rd.Close()
End If
答
快速而肮脏的方式,将其置于Button Click方法中:
Quick and dirty way, put this in a Button Click method:
Dim totalValue As Integer = 0
For Each dr As DataGridViewRow In DataGridView1.Rows
totalValue = totalValue + CInt(dr.("ColumnName").value.tostring)
Next
TextBox1.Text = totalValue.ToString
哎呀,上面的答案有点太仓促,你可能需要一个看起来像这样的查询:
Oops, the above answer was a bit too hasty, you probably need a query which looks like this:
SELECT StaffId, ClientName, SUM(INRDrAmt)
FROM ClientLdgr
WHERE INRDrAmt IS NOT NULL
GROUP BY StaffId, ClientName
用于测试:
For testing:
USE [CodeProject2017]
GO
CREATE TABLE [dbo].[ClientLdgr](
[StaffId] [nvarchar](10) NULL,
[ClientName] [nvarchar](50) NULL,
[INRDrAmt] [decimal](10, 2) NULL
) ON [PRIMARY]
GO
INSERT INTO [dbo].[ClientLdgr] ([StaffId],[ClientName],[INRDrAmt]) VALUES ('STF-01', 'Deepak Sasmal', '5000')
INSERT INTO [dbo].[ClientLdgr] ([StaffId],[ClientName],[INRDrAmt]) VALUES ('STF-02', 'Abdul Vakil', '3000')
INSERT INTO [dbo].[ClientLdgr] ([StaffId],[ClientName],[INRDrAmt]) VALUES ('STF-03', 'Arvind Soorma', '7000')
INSERT INTO [dbo].[ClientLdgr] ([StaffId],[ClientName],[INRDrAmt]) VALUES ('STF-04', 'Anwar Khan', '4000')
INSERT INTO [dbo].[ClientLdgr] ([StaffId],[ClientName],[INRDrAmt]) VALUES ('STF-05', 'Arvind Mohanty', '1000')
INSERT INTO [dbo].[ClientLdgr] ([StaffId],[ClientName],[INRDrAmt]) VALUES ('STF-06', 'Raman Kumar', '7000')
INSERT INTO [dbo].[ClientLdgr] ([StaffId],[ClientName],[INRDrAmt]) VALUES ('STF-01', 'Deepak Sasmal', '9000')
INSERT INTO [dbo].[ClientLdgr] ([StaffId],[ClientName],[INRDrAmt]) VALUES ('STF-01', 'Deepak Sasmal', '1000')
INSERT INTO [dbo].[ClientLdgr] ([StaffId],[ClientName],[INRDrAmt]) VALUES ('STF-01', 'Deepak Sasmal', '0')
INSERT INTO [dbo].[ClientLdgr] ([StaffId],[ClientName],[INRDrAmt]) VALUES ('STF-06', 'Raman Kumar', NULL)
SELECT StaffId, ClientName, SUM(INRDrAmt)
FROM ClientLdgr
WHERE INRDrAmt IS NOT NULL
GROUP BY StaffId, ClientName
不是您问题的解决方案,而是您遇到的另一个问题。
永远不要通过连接字符串来构建SQL查询。迟早,你会使用用户输入,这样就打开了一个名为SQL注入的漏洞,这对你的数据库很危险并且容易出错。
一个名字中的单引号你的程序崩溃。如果用户输入像Brian O'Conner这样的名称可能会使您的应用程序崩溃,那么这是一个SQL注入漏洞,崩溃是最少的问题,恶意用户输入,并且它被提升为具有所有凭据的SQL命令。
SQL注入 - * [ ^ ]
SQL注入 [ ^ ]
Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, anf this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
Dim Cmd As New SqlCommand
Dim Con As New SqlConnection
Con.ConnectionString = "Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=dbase;Integrated Security=True;Pooling=False"
Cmd.Connection = Con
Con.Open()
For Each Row As DataGridViewRow In Clientconsole.Dgvcltconsole.Rows
Cmd.CommandText = "Select ClientName, ISNULL(Sum(INRCrAmt),0) as Credit, ISNULL(Sum(INRDrAmt),0) as Debit From ClientLdgr Where ClientName ='" & Row.Cells(1).Value & "' GROUP BY [ClientName]"
Using Rd As SqlDataReader = Cmd.ExecuteReader
Rd.Read()
If Rd.HasRows Then
Row.Cells(2).Value = Rd.Item("Debit")
Row.Cells(3).Value = Rd.Item("Credit")
Row.Cells(4).Value = Rd.Item("Debit") - Rd.Item("Credit")
End If
End Using
Next