timestamp in sql query from vb application
Problem description
I'm developing a small application which involves SQL Server and VB for the front end. My tables have timestamp as one of the columns. When I write the query directly on SQL, the timestamp field can be skipped. But when the query is written within the VB app, the query returns an error: NOT ENOUGH ARGUMENTS SUPPLIED!!
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
    com.ConnectionString = "server=.\sqlexpress;Database=mjjsj1;trusted_connection=True;"
    If TextBox1.Text <> "" And TextBox2.Text <> "" And TextBox3.Text <> "" Then
        com.Open()
        cmd = New SqlCommand("insert into BACHELI values(" + TextBox2.Text + "," + TextBox5.Text + "," + TextBox8.Text + ")", com)
        cmd.ExecuteNonQuery()
        com.Close()
    End If
End Sub
THANK YOU
Recommended answer
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead - it will almost certainly cure your problem at the same time!
cmd = New SqlCommand("INSERT INTO Bacheli (mycolumn1, mycolumn2, myColumn3) VALUES (@T1, @T2, @T3)", com)
cmd.Parameters.AddWithValue("@T1", TextBox2.Text)
cmd.Parameters.AddWithValue("@T2", TextBox5.Text)
cmd.Parameters.AddWithValue("@T3", TextBox8.Text)
You will need to rename "mycolumn1" etc. to match your columns, and it would be a good idea to rename the parameters "@T1" and so on to something more sensible as well.
While we are on the subject, stop taking VS defaults for names - you may remember today what "TextBox8" holds, but when you come back to make changes in a week's time? Or next month? Always use sensible names instead that describe what it is used for.
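The advice above as a complete routine; this is an added example, not code from the original answer. The column names, their types and sizes, and the module and function names are assumptions to be replaced with the real BACHELI schema. Because the INSERT names its columns and leaves the timestamp column out, the statement never has to supply a value for it.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module BacheliInsertExample
    ' Connection string as posted in the question.
    Private Const ConnectionString As String =
        "server=.\sqlexpress;Database=mjjsj1;trusted_connection=True;"

    ' Hypothetical column names; replace with the real BACHELI columns.
    ' The timestamp column is deliberately absent from the column list.
    Private Const InsertSql As String =
        "INSERT INTO BACHELI (MemberName, Quantity, Remarks) " &
        "VALUES (@MemberName, @Quantity, @Remarks)"

    ' Returns the number of rows inserted (1 on success).
    Public Function InsertBacheli(memberName As String,
                                  quantityText As String,
                                  remarks As String) As Integer
        ' Validate and convert on the client so a bad number is rejected
        ' before it reaches the database.
        Dim quantity As Integer
        If String.IsNullOrWhiteSpace(memberName) OrElse
           Not Integer.TryParse(quantityText, quantity) Then
            Throw New ArgumentException("Name is required and quantity must be a whole number.")
        End If

        ' Using blocks close the connection and dispose the command
        ' even when ExecuteNonQuery throws.
        Using con As New SqlConnection(ConnectionString)
            Using cmd As New SqlCommand(InsertSql, con)
                ' Assumed types and sizes. Values travel as data, never as SQL text,
                ' so quotes or commas in the input cannot change the statement.
                cmd.Parameters.Add("@MemberName", SqlDbType.NVarChar, 50).Value = memberName.Trim()
                cmd.Parameters.Add("@Quantity", SqlDbType.Int).Value = quantity
                ' An empty optional field is stored as NULL rather than "".
                cmd.Parameters.Add("@Remarks", SqlDbType.NVarChar, 200).Value =
                    If(String.IsNullOrEmpty(remarks), CObj(DBNull.Value), remarks)
                con.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Module
```

From the button handler this would be called as `InsertBacheli(TextBox2.Text, TextBox5.Text, TextBox8.Text)`, with the call wrapped in a Try/Catch that reports `ArgumentException` and `SqlException` to the user.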