复选框到数据库表 [英] checkbox into database table

问题描述

此查询使用ODBC连接写入添加按钮和m。我需要将复选框值添加到数据库表中的一列中，即。指定。下面的cade给出了一个错误。

我是初学者所以我想要完整的解释。

Dim con As New Odbc.OdbcConnection（dsn = dem; uid = root; pwd = root）



Dim str As String





Private Sub btnadd_Click（ByVal sender As System.Object，ByVal e As System.EventArgs）处理btnadd.Click

如果chkincharge.Checked那么

a = chkincharge.Text.ToString

ElseIf chkadditionalincharge.Checked那么

b = chkadditionalincharge.Text.ToString

ElseIf chkmember.Checked那么

c = chkmember .Text.ToString





结束如果



con.Open（ ）

Dim cmd As New Odbc.OdbcCommand（插入复选框值（''+ DateTimePicker1.Value.Date.ToString（yyyy / mm / dd）+''，'' + cmbcommitteename.Text +''，''+ cmbmembers.Text + '，''+ a +''，''+ b +''，''+ c +''），con）

cmd.ExecuteNonQuery（）

con.Close（）

MsgBox（记录添加成功）

''txteventtitle.Text =

''rchdescription.Text =

''DateTimePicker1.Text = Date.Now













结束次级





提前谢谢

This Query is written in Add button and m using ODBC connection. i need to add check box value into one column in database table ie. designation. the below cade is giving an error.
I am a beginner so i want full explanation pls.
Dim con As New Odbc.OdbcConnection("dsn=dem;uid=root;pwd=root")

Dim str As String


Private Sub btnadd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnadd.Click
If chkincharge.Checked Then
a = chkincharge.Text.ToString
ElseIf chkadditionalincharge.Checked Then
b = chkadditionalincharge.Text.ToString
ElseIf chkmember.Checked Then
c = chkmember.Text.ToString


End If

con.Open()
Dim cmd As New Odbc.OdbcCommand("insert into checkbox values(''" + DateTimePicker1.Value.Date.ToString("yyyy/mm/dd") + "'',''" + cmbcommitteename.Text + "'',''" + cmbmembers.Text + "'',''" + a + "'',''" + b + "'',''" + c + "'')", con)
cmd.ExecuteNonQuery()
con.Close()
MsgBox("Record added successfully")
''txteventtitle.Text = ""
''rchdescription.Text = ""
''DateTimePicker1.Text = Date.Now






End Sub


thank u in advance

推荐答案

不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

Dim cmd As New Odbc.OdbcCommand("INSERT INTO checkbox VALUES(@DT, @CN, @MB, @A, @B, @C)", con)
cmd.Parameters.AddWithValue("@DT", DateTimePicker1.Value.Date)
cmd.Parameters.AddWithValue("@CN", cmbcommitteename.Text)
cmd.Parameters.AddWithValue("@MB", cmbmembers.Text)
cmd.Parameters.AddWithValue("@A", a)
cmd.Parameters.AddWithValue("@B", b)
cmd.Parameters.AddWithValue("@C", c)
cmd.ExecuteNonQuery()
con.Close()

并命名你的字段！如果你不这样做，那么如果添加或删除了一个列，你就会遇到问题。

And name your fields! If you don''t, then you are risking problems if a column is added or removed.

这篇关于复选框到数据库表的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！