我如何为INSERTION做表格 [英] How do I I DO FORM for INSERTION
本文介绍了我如何为INSERTION做表格的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
运行程序时,显示的数据顺序不正确。有人能告诉我为什么会这样吗?当我尝试插入数据时,它表示
您输入的数据存在错误,如下所示.INSERT INTO语句中出现语法错误。
我尝试过:
When I run the program, the data shown is not in the right order. Can somebody tell me why that happened? And when i try to insert the data it says that
"There is a mistake in the data you entered, as shown below. Syntax error in INSERT INTO statement."
What I have tried:
Public Class frm_insertproduct_A155751
Dim defaultpicture As String = Application.StartupPath & "\pictures\NoImage.jpg"
Private Sub frm_insertproduct_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
refresh_grid()
grd_product.DataSource = run_sql_query("SELECT * FROM TBL_PRODUCT_A155751")
txt_productid.Text = generate_productid()
txt_picture.Text = defaultpicture
pic_product.BackgroundImage = Image.FromFile(defaultpicture)
End Sub
Private Function generate_productid() As String
Dim lastproductid As String = run_sql_query("SELECT MAX(FLD_PRODUCT_ID) AS LASTPRODUCTID FROM TBL_PRODUCT_A155751").Rows(0).Item("LASTPRODUCTID")
MsgBox(lastproductid)
Dim newproductid As String = "P" & Mid(lastproductid, 2) + 1
Return newproductid
End Function
Private Sub refresh_grid()
Dim mysql As String = "SELECT * FROM TBL_PRODUCT_A155751"
Dim mydatatable As New DataTable
Dim myreader As New OleDb.OleDbDataAdapter(mysql, myconnection)
myreader.Fill(mydatatable)
grd_product.DataSource = mydatatable
End Sub
Private Sub clear_fields()
txt_productid.Text = ""
txt_productname.Text = ""
txt_productprice.Text = ""
txt_productbrand.Text = ""
txt_producttype.Text = ""
txt_productcategory.Text = ""
txt_productquality.Text = ""
End Sub
Private Sub btn_addproduct_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btn_addproduct.Click
Dim mysql As String = "INSERT INTO TBL_PRODUCT_A155751 VALUES('" & txt_productid.Text & "', '" & txt_productname.Text & "', '" & txt_productprice.Text & "','" & txt_productbrand.Text & "', '" & txt_producttype.Text & "','" & txt_productcategory.Text & "', '" & txt_productquality.Text & "')"
Dim mywriter As New OleDb.OleDbCommand(mysql, myconnection2)
Try
mywriter.Connection.Open()
mywriter.ExecuteNonQuery()
mywriter.Connection.Close()
My.Computer.FileSystem.CopyFile(txt_picture.Text, "pictures\" & txt_productid.Text & ".jpg")
grd_product.DataSource = run_sql_query("SELECT * FROM TBL_PRODUCT_A155751")
txt_productid.Text = generate_productid()
txt_productname.Text = ""
txt_productprice.Text = ""
txt_productbrand.Text = ""
txt_producttype.Text = ""
txt_productcategory.Text = ""
txt_productquality.Text = ""
pic_product.BackgroundImage = Image.FromFile(defaultpicture)
Catch ex As Exception
Beep()
MsgBox("There is a mistake in the data you entered, as shown below" & vbCrLf & vbCrLf & ex.Message)
mywriter.Connection.Close()
End Try
End Sub
Private Sub btn_select_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btn_picture.Click
Dim mydesktop As String = My.Computer.FileSystem.SpecialDirectories.Desktop
OpenFileDialog1.InitialDirectory = mydesktop
OpenFileDialog1.FileName = ""
OpenFileDialog1.Filter = "JPG files(*.jpg)|*.jpg"
OpenFileDialog1.ShowDialog()
pic_product.BackgroundImage = Image.FromFile(OpenFileDialog1.FileName)
txt_picture.Text = OpenFileDialog1.FileName
End Sub
Private Sub btn_back_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btn_back.Click
frm_mainmenu_A155751.Show()
Me.Dispose()
End Sub
End Class
推荐答案
不要这样做!永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。
为什么在INSERT语句的结束括号之前有逗号?
Don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
And why do you have a comma just before the closing bracket of your INSERT statement?
& txt_productquality.Text & "',)"
这样的问题也很容易被参数化查询发现......
Problems like that are a lot easier to spot with parameterized queries as well...
这篇关于我如何为INSERTION做表格的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文