VB.net中的DAL代码无法正常工作。 [英] DAL code in VB.net isn't working.
问题描述
我肯定可以使用这方面的帮助。 在产品Xlinesoft中,我在添加记录时能够利用DAL在当前表中的字段的不同表中创建新记录。 在此示例中,用户正在向.Net应用程序添加
a新记录,我需要将某些字段复制到不同的表并创建新记录。
示例:  ;用户在表NetAB中添加记录并填充名为LastName和FirstName的字段。 当他保存记录时,我调用VB.Net代码或者我可以选择C#代码从两个字段中获取数据并将其复制到另一个表
,称为Table1,添加新记录并填充字段LastName和FirstName以及来自NetAB的数据。 我使用的代码是:
Dim strSQLSave = new StringBuilder(" INSERT INTO Table1(FirstName,LastName)values(")
strSQLSave.Append(values(" FirstName")。ToString()&",")
strSQLSave.Append(values (" LastName"))
$
strSQLSave.Append(")")
CommonFunctions.db_exec(strSQLSave.ToString() ,没什么)
有人可以看看这个,看看他们是否看到了问题? 我只是错过了这一切。
谢谢
Joe Aboulhosn
SQL语句中的文本或字符串值需要用单引号括起来,而且Append语句中似乎缺少这些值。
我真的不知道CommonFunction.db_exec做了什么,但是如果你可以使用命令参数重写那个函数,那么它就不容易出错(而且不易受SQL注入的影响)利用)。
I sure could use some assistance with this. I have, within a product Xlinesoft, the ability to utilize DAL to create a new record in a different table from fields in a current table when I am adding a record. In this example the user is adding a new record to a .Net application and I need certain fields to be copied to a different table and create a new record.
Example: User adds a record in table NetAB and populates fields called LastName and FirstName. As he saves the record, I invoke VB.Net code or I have the option of C# code to take the data from the two fields and copy it to a different table called Table1, add a new record and populate the fields LastName and FirstName with the data from NetAB. The code I am using is this:
Dim strSQLSave = new StringBuilder("INSERT INTO Table1 (FirstName, LastName) values (")strSQLSave.Append(values("FirstName").ToString() & ",")
strSQLSave.Append(values("LastName"))
strSQLSave.Append(")")
CommonFunctions.db_exec(strSQLSave.ToString(), Nothing)
Could someone look at this and just see if they see an issue? I am just missing it all together.
Thanks
Joe Aboulhosn
Text or string values in a SQL statement need to be enclosed within single quotes and that appears to be missing from your Append statements.
I really do not know what CommonFunction.db_exec does but if you could rewrite that function using Command Parameters it would be less prone to mistakes (and less susceptible to a SQL Injection exploit).
这篇关于VB.net中的DAL代码无法正常工作。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!