【发布时间】:2014-10-23 03:00:43
【问题描述】:
我正在尝试在 VB 中创建更新命令。我能够创建它并且没有显示错误。
但是当我在调试期间尝试执行命令时,更新似乎不起作用。在执行过程中我没有收到任何错误,但我的数据库没有进行任何更改。
这是我的代码..有点长..抱歉..
connection = New MySqlConnection
connection.ConnectionString = "Database=ngp;data source=localhost; user id= root; password=********"
Dim reader As MySqlDataReader
If MsgBox("Are you sure about the CHANGES you made to " & Label33.Text & " ? " & vbNewLine & "May prob pa sa result ng yesno", MsgBoxStyle.YesNo) = MsgBoxResult.Yes Then
Try
connection.Open()
Dim edit As String
edit = "update ngpmain set ID='" & TextBox21.Text & "',PENRO='" & ComboBox1.SelectedItem & "',CENRO='" & ComboBox2.SelectedItem & "',MUNICIPALITY_or_CITY='" & ComboBox3.SelectedItem & "',BARANGAY='" & TextBox1.Text & "',PROVINCE='" & TextBox2.Text & "',AREA='" & TextBox3.Text & "',SEEDS_PLANTED='" & TextBox4.Text & "',NAME_OF_ORG='" & TextBox5.Text & "',CONTACT_PERSON='" & TextBox6.Text & "',TYPE_OF_ORG='" & ComboBox4.SelectedItem & "',COMPONENT='" & ComboBox5.SelectedItem & "',COMMODITY='" & ComboBox10.SelectedItem & "',SPECIES='" & TextBox8.Text & "',YEAR='" & ComboBox6.SelectedItem & "',ZONE='" & ComboBox7.SelectedItem & "',TENURE='" & TextBox9.Text & "',NO_LOA='" & ComboBox8.SelectedItem & "',RIVER_BASIN='" & TextBox10.Text & "',WATERSHED='" & TextBox11.Text & "',REMARKS='" & TextBox12.Text & "',sid='" & TextBox13.Text & "',sid2='" & TextBox14.Text & "',YR_CD='" & TextBox15.Text & "', PSGC_CD='" & TextBox16.Text & "',SITE_ID='" & TextBox17.Text & "',AREA_CD='" & TextBox18.Text & "', MALE_PLANTER='" & TextBox19.Text & "',FEMALE_PLANTER='" & TextBox20.Text & "',TOTAL_PLANTERS='" & Label31.Text & "',UNIQUE_ID='" & Label33.Text & "',DISTRICT='" & ComboBox9.SelectedItem & "' where UNIQUE_ID='" & Label33.Text & "' "
command = New MySqlCommand(edit, connection)
reader = command.ExecuteReader
MsgBox("Changes were successfully applied.", MsgBoxStyle.Information)
Me.Show()
Catch ex As Exception
MsgBox(ex.Message)
Finally
connection.Dispose()
End Try
Else
MsgBox("No changes have been made.", MsgBoxStyle.Information)
Me.Show()
End If这是我的新代码
Using connection As New MySqlConnection("Database=ngp;data source=localhost; user id= root; password=admin")
Using edit As New MySqlCommand
With edit
.Connection = connection
'ID='" & TextBox21.Text & "', UNIQUE_ID='" & Label33.Text & "',sid='" & TextBox13.Text & "',sid2='" & TextBox14.Text & "',SITE_ID='" & TextBox17.Text & "',AREA_CD='" & TextBox18.Text & "',
.CommandText = "update ngpmain set PENRO='" & ComboBox1.SelectedItem & "',CENRO='" & ComboBox2.SelectedItem & "',MUNICIPALITY_or_CITY='" & ComboBox3.SelectedItem & "',BARANGAY='" & TextBox1.Text & "',PROVINCE='" & TextBox2.Text & "',AREA='" & TextBox3.Text & "',SEEDS_PLANTED='" & TextBox4.Text & "',NAME_OF_ORG='" & TextBox5.Text & "',CONTACT_PERSON='" & TextBox6.Text & "',TYPE_OF_ORG='" & ComboBox4.SelectedItem & "',COMPONENT='" & ComboBox5.SelectedItem & "',COMMODITY='" & ComboBox10.SelectedItem & "',SPECIES='" & TextBox8.Text & "',YEAR='" & ComboBox6.SelectedItem & "',ZONE='" & ComboBox7.SelectedItem & "',TENURE='" & TextBox9.Text & "',NO_LOA='" & ComboBox8.SelectedItem & "',RIVER_BASIN='" & TextBox10.Text & "',WATERSHED='" & TextBox11.Text & "',REMARKS='" & TextBox12.Text & "',YR_CD='" & TextBox15.Text & "',PSGC_CD='" & TextBox16.Text & "',MALE_PLANTER='" & TextBox19.Text & "',FEMALE_PLANTER='" & TextBox20.Text & "',TOTAL_PLANTERS='" & Label31.Text & "',DISTRICT='" & ComboBox9.SelectedItem & "'"
.CommandType = CommandType.Text
.Parameters.AddWithValue("UNIQUE_ID", Label33.Text)
End With
Try
connection.Open()
edit.ExecuteNonQuery()
MsgBox("Changes were successfully applied.", MsgBoxStyle.Information)
Me.Show()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Using
End Using【问题讨论】:
-
您应该使用参数化查询来防止 SQL 注入攻击。
-
@donal 知道如何用我的代码做到这一点吗?谢谢
-
您遇到的问题是您应该使用 ExecuteNonQuery 而不是 ExecuteReader。参数化查询用于最佳实践。
-
这里有一个很好的例子来说明如何编写它:stackoverflow.com/a/13133096/379855
-
我检查了链接并更改了我的代码..但是现在,它正在更改表中的所有数据..我只想更新使用唯一 ID 过滤的特定数据