如何使用ms.access 2007在VB.net中执行记录? [英] How to execute the record in VB.net with ms.access 2007?
问题描述
我在执行vb.net中的记录时遇到了一些问题.我正在使用Microsoft Access作为数据库.
当我使用这种语法进行乘法运算时,该记录显示在数据网格视图中,但该记录并没有完全保存在数据库中.有什么问题吗?
这是我的语法:
I''ve some problem in execute the record in vb.net. I''m using microsoft access as database.
When I run an aplication with this syntax, the record shown in data grid view, but the record wasn''t save corectly in database. What is the problem?
This my syntax:
Imports System.Data
Imports System.Data.OleDb
Public Class OlahData
Dim con As OleDbConnection
Dim cmd As OleDbCommand
Dim reader As OleDbDataReader
Dim constring As String
Dim SqlString As String
Dim numAffected As Integer
Private Sub OlahData_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
constring = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & My.Application.Info.DirectoryPath & "/FKIP.mdb ;Persist Security Info=True"
con = New OleDbConnection(constring)
con.Open()
End Sub
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
SqlString = "Insert Into MataKuliah values ('" & id.Text.Trim & "','" & nama.Text.Trim & "','" & jurusan.Text.Trim & "','" & Val(sks.Text) & "')"
cmd = New OleDbCommand(SqlString, con)
numAffected = cmd.ExecuteNonQuery
MessageBox.Show(numAffected.ToString & "record berhasil di simpan")
End Sub
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
Dim ConnStr As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & My.Application.Info.DirectoryPath & "/FKIP.mdb;"
Dim Conn As OleDbConnection
Dim Ds As DataSet
Dim Da As OleDbDataAdapter
Dim SQL As String = "Select * From MataKuliah"
Try
Conn = New OleDbConnection(ConnStr)
Ds = New DataSet
Da = New OleDbDataAdapter(SQL, Conn)
Da.Fill(Ds, "MataKuliah")
gridview.DataSource = Ds.Tables("MataKuliah")
gridview.Dock = DockStyle.Fill
Catch
MessageBox.Show("tabel tidak dapat ditampilkan....!", "Database error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
Me.Close()
End Try
End Sub
End Class
推荐答案
首先,尝试将字段列表添加到INSERT语句中:
Firstly, try addingthe fields list to your INSERT statement:
SqlString = "Insert Into MataKuliah values ('" & id.Text.Trim & "','" & nama.Text.Trim & "','" & jurusan.Text.Trim & "','" & Val(sks.Text) & "')"
cmd = New OleDbCommand(SqlString, con)
numAffected = cmd.ExecuteNonQuery
成为:
Becomes:
SqlString = "INSERT INTO MataKuliah (id, nama, jurusan, sks) VALUES ('" & id.Text.Trim & "','" & nama.Text.Trim & "','" & jurusan.Text.Trim & "','" & Val(sks.Text) & "')"
cmd = New OleDbCommand(SqlString, con)
numAffected = cmd.ExecuteNonQuery
这可能使其正常工作.
然后,将值替换为Parameters:
That may make it work.
Then, replace the values with Parameters:
SqlString = "INSERT INTO MataKuliah (id, nama, jurusan, sks) VALUES (@ID, @NM, @JU, @SK"
cmd = New OleDbCommand(SqlString, con)
cmd.Parameters.AddWithValue("@ID", id.Text.Trim)
cmd.Parameters.AddWithValue("@NM", nama.Text.Trim)
cmd.Parameters.AddWithValue("@JU", jurusan.Text.Trim)
cmd.Parameters.AddWithValue("@SK", Val(sks.Text))
numAffected = cmd.ExecuteNonQuery
这消除了SQL注入攻击的可能性(并使代码更具可读性).
[edit]在未参数化的版本中添加了"sks"字段名称:腮红:-OriginalGriff [/edit]
This removes the chance of an SQL Injection attack (and makes the code more readable).
[edit]Added "sks" field name to non-parametrized version :blush: - OriginalGriff[/edit]
这篇关于如何使用ms.access 2007在VB.net中执行记录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!