来自vb应用程序的sql查询中的时间戳 [英] timestamp in sql query from vb application

问题描述

我正在开发一个涉及sql server和vb的小型应用程序.我的表将时间戳记作为列之一.当我直接在sql时间戳字段上写查询时，可以跳过.但是，当在vb应用程序中编写查询时.查询返回错误没有足够的参数 !!

I''m developing a small application which involves sql server and vb for the front end. my tables has timestamp as one of the column. when i write query directly on sql timestamp field can be skipped. But when query is written within the vb app. The query returns a error NOT ENOUGH ARGUMENTS SUPPLIED!!

Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
com.ConnectionString = "server=.\sqlexpress;Database=mjjsj1;trusted_connection=True;"
If TextBox1.Text <> "" And TextBox2.Text <> "" And TextBox3.Text <> "" Then
com.Open()
cmd = New SqlCommand("insert into BACHELI values(" + TextBox2.Text + "," + TextBox5.Text + "," + TextBox8.Text + ")", com)
cmd.ExecuteNonQuery()
com.Close()
End If
End Sub

谢谢

THANK YOU

推荐答案

请勿连接字符串以构建SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门，这可能会破坏整个数据库.改用参数化查询-几乎可以肯定，它可以同时解决您的问题！

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead - it will almost certainly cure your problem at the same time!

cmd = New SqlCommand("INSERT INTO Bacheli (mycolumn1, mycolumn2, myColumn3) VALUES (@T1, @T2, @T3)", com)
cmd.Parameters.AddWithValue("@T1", TextBox2.Text)
cmd.Parameters.AddWithValue("@T2", TextBox5.Text)
cmd.Parameters.AddWithValue("@T3", TextBox8.Text)

您将需要重命名"mycolumn1"等以匹配您的列，并且重命名参数"@ T1"等也是更明智的选择.

当我们讨论这个主题时，停止使用VS默认名称-今天您可能还记得"TextBox8"的含义，但是当您回到一周后进行更改时呢?还是下个月?始终使用明智的名称来描述其用途.

You will need to rename "mycolumn1" etc. to match your columns, and it would be a good idea to rename the parameters "@T1" and so on to something more sensible as well.

While we are on the subject, stop taking VS defaults for names - you may remember today what "TextBox8" holds, but when you come back to makes changes in a weeks time? Or next month? Always use sensible names instead that describe what it is used for.

这篇关于来自vb应用程序的sql查询中的时间戳的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！