How to minimum balance


Problem description

How do I set a minimum balance for the account types "Saving" and "Current" of 100 and 500, so that a fund transfer cannot take the balance below them? Right now I can transfer so that the balance goes below 100 and 500, and no error is shown.

What I have tried:

Imports System.Data.OleDb

Public Class TransferFund
    ' Connection string declared first so the connection below can be built from it
    ' (the posted code never assigned it to conn, so conn.Open() would fail).
    Dim con As String = "Provider=Microsoft.ACE.OLEDB.12.0; Data Source=C:\Users\lingc\Desktop\VBNet Assignment\VBNet Assignment\bin\Debug\Database41.mdb;"
    Dim conn As New OleDbConnection(con)
    Dim insert As New OleDbCommand
    Dim del As New OleDbCommand
    Dim updated As New OleDbCommand
    Dim inquiry As New OleDbCommand

    Private Sub btnBack_Click(sender As Object, e As EventArgs) Handles btnBack.Click
        Transaction.Show()
        Me.Hide()
    End Sub

    Private Sub btnConfirm_Click(sender As Object, e As EventArgs) Handles btnConfirm.Click
        Dim oldbalance1, newbalance1 As Int32
        Dim oldbalance2, newbalance2 As Int32
        Dim num As Int32
        Dim accessdate As DateTime
        Dim credit As Boolean = False
        Dim balancenum As Int32

        accessdate = Me.DateTimePicker1.Value
        DateTimePicker1.Format = DateTimePickerFormat.Custom
        DateTimePicker1.CustomFormat = DateTime.Now.ToString("dd-MM-yyyy")

        If txtAccountNo.Text <> "" And txtAccountNo2.Text <> "" Then
            ' Balances come from the textboxes; nothing is re-read from the database.
            oldbalance1 = CInt(txtBalance.Text)
            oldbalance2 = CInt(txtBalance2.Text)
            num = CInt(txtTransferAmount.Text)
            newbalance1 = oldbalance1 - num

            ' Minimum-balance check. It compares the account number box (txtAccountNo)
            ' against "Saving"/"Current", while the message below reports txtAccountType.Text.
            If txtAccountNo.Text = "Saving" And newbalance1 < 100 Then
                credit = False
                balancenum = 100
            ElseIf txtAccountNo.Text = "Current" And newbalance1 < 500 Then
                credit = False
                balancenum = 500
            Else
                credit = True
            End If

            If (credit) Then
                ' Debit the source account with the client-computed balance (string concatenation, see the answers).
                updated.CommandText = "UPDATE [Detail] Set Balance= '" & newbalance1 & "' WHERE AccountNo='" & txtAccountNo.Text & "' ;"
                updated.CommandType = CommandType.Text
                updated.Connection = conn
                conn.Open()
                updated.ExecuteNonQuery()
                conn.Close()

                ' The debit is journaled as a negative amount.
                Dim abc As Int32 = -num

                insert.CommandText = "INSERT INTO [Transaction] (CustomerID, AccountNo, Amount, EntryDate) values ('" & txtCustomerID.Text & "', '" & txtAccountNo.Text & "', '" & abc & "', '" & DateTime.Now.ToString("yyyy-MM-dd") & "');"
                insert.CommandType = CommandType.Text
                insert.Connection = conn
                conn.Open()
                insert.ExecuteNonQuery()
                conn.Close()

                ' Credit the destination account.
                newbalance2 = oldbalance2 + num
                updated.CommandText = "UPDATE [Detail] SET Balance= '" & newbalance2 & "' WHERE AccountNo='" & txtAccountNo2.Text & "' ;"
                updated.CommandType = CommandType.Text
                updated.Connection = conn
                conn.Open()
                updated.ExecuteNonQuery()
                conn.Close()

                insert.CommandText = "INSERT INTO [Transaction] (CustomerID, AccountNo, Amount, EntryDate) values ('" & txtCustomerID2.Text & "', '" & txtAccountNo2.Text & "', '" & num & "', '" & DateTime.Now.ToString("yyyy-MM-dd") & "');"
                insert.CommandType = CommandType.Text
                insert.Connection = conn
                conn.Open()
                insert.ExecuteNonQuery()
                conn.Close()

                MessageBox.Show("The Record has been Updated.")
            Else
                MessageBox.Show(txtAccountType.Text & " Account Balance Must Be Greater Than " & balancenum & ".")
            End If
        Else
            MessageBox.Show("Transaction Failure Occurred, Please Try Again.")
        End If
    End Sub
End Class

Solution

Start by learning how to do things properly: that code is wide open to SQL Injection, which means users can damage or destroy your DB. Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack, which can destroy your entire database. Use parameterized queries instead.
While you fix that, you should also validate your user inputs using TryParse and report problems to your users: at the moment, your app just assumes validity and uses whatever CInt comes up with, which may not be correct.

From a functional POV, you are assuming that the balance you read from textboxes is correct, and blindly updating that into the DB, which is very dangerous: mostly because you have no idea how old the data from the boxes is and in a multiuser environment that's risky, so you should be updating a balance directly into the DB as a "Value + deposit" or similar rather than just updating with a specific value.

Fixing them may get rid of your problem as well - but if it doesn't, we would need to know exactly what the problem is and where it occurs: we can't run your code as we have no access to your data!


There is a tool that allows you to see what your code is doing; its name is the debugger. It is also a great learning tool because it shows you reality, and you can see which expectations match reality.
When you don't understand what your code is doing or why it does what it does, the answer is the debugger.
Use the debugger to see what your code is doing. Just set a breakpoint and watch your code run; the debugger allows you to execute lines one by one and to inspect variables as it executes.

Debugger - Wikipedia, the free encyclopedia
Visual Basic / Visual Studio Video Tutorial - Basic Debugging - YouTube
Visual Basic .NET programming for Beginners - Breakpoints and Debugging Tools
The debugger is here to show you what your code is doing, and your task is to compare that with what it should do.
There is no magic in the debugger; it doesn't find bugs, it just helps you to. When the code doesn't do what is expected, you are close to a bug.
-----
Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error prone.
A single quote in a name and your program crashes. If a user entering a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: a malicious user input gets promoted to SQL commands with all the credentials.
SQL injection - Wikipedia
SQL Injection
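A version of the transfer that applies the advice in both answers: TryParse validation, parameterized OleDb commands instead of concatenated strings, and a debit written as "Balance - amount" in the database with the minimum-balance rule in the WHERE clause, both legs in one transaction. This is an added example, not code from the question or the answers; the FundTransfer class, its parameter names and a numeric Balance column in [Detail] are assumptions.

```vb
Imports System.Data.OleDb

Public Class FundTransfer
    ' Minimum balance that must remain after a debit, per account type (values from the question).
    Private Shared Function MinimumBalance(accountType As String) As Integer
        Return If(accountType = "Saving", 100, If(accountType = "Current", 500, 0))
    End Function

    ' Moves amountText from fromAccount to toAccount. Returns True on success; message explains a refusal.
    ' Assumes [Detail].Balance is a numeric column (the question's code stores it quoted as text).
    Public Shared Function Transfer(connectionString As String, fromAccount As String, fromType As String,
                                    toAccount As String, amountText As String, ByRef message As String) As Boolean
        Dim amount As Integer
        ' Validate the input with TryParse instead of letting CInt throw or accept garbage.
        If Not Integer.TryParse(amountText, amount) OrElse amount <= 0 Then
            message = "Transfer amount must be a positive whole number."
            Return False
        End If
        Dim minimum As Integer = MinimumBalance(fromType)
        Using conn As New OleDbConnection(connectionString)
            conn.Open()
            Using tx As OleDbTransaction = conn.BeginTransaction()
                ' The database computes Balance - amount itself; the WHERE clause matches only when the
                ' balance after the debit stays >= the minimum, so stale textbox values and concurrent
                ' transfers cannot push the account below it. OleDb binds each ? by position.
                Using debit As New OleDbCommand("UPDATE [Detail] SET Balance = Balance - ? WHERE AccountNo = ? AND Balance >= ?", conn, tx)
                    debit.Parameters.AddWithValue("@amount", amount)
                    debit.Parameters.AddWithValue("@acct", fromAccount)
                    debit.Parameters.AddWithValue("@needed", amount + minimum)
                    If debit.ExecuteNonQuery() <> 1 Then
                        tx.Rollback()
                        message = fromType & " account balance must stay at or above " & minimum & "."
                        Return False
                    End If
                End Using
                Using credit As New OleDbCommand("UPDATE [Detail] SET Balance = Balance + ? WHERE AccountNo = ?", conn, tx)
                    credit.Parameters.AddWithValue("@amount", amount)
                    credit.Parameters.AddWithValue("@acct", toAccount)
                    If credit.ExecuteNonQuery() <> 1 Then
                        tx.Rollback()
                        message = "Destination account not found."
                        Return False
                    End If
                End Using
                tx.Commit()   ' both legs or neither
            End Using
        End Using
        message = "The record has been updated."
        Return True
    End Function
End Class
```

A name such as O'Conner passed as a parameter value is data, never SQL, and the journal INSERTs from the question can be parameterized the same way.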
