为什么我的程序仅在运行时添加到数据库,并且当我关闭程序时不使用访问数据库保存 [英] Why does my program add to database only on runtime and does not save when I close the program, am using access database
问题描述
请我在vb.net上创建这个程序,添加用户,它运行成功,但它只保存在运行时,但是当我去数据库时它不保存任何文件,除了我在数据库上创建的那个...我使用Access数据库。谢谢,这是程序的代码。
Private Sub Button1_Click(发送者作为对象,e作为EventArgs)处理Button1.Click
'cn.Open()
Dim er As Integer = 0
如果TextBox1.Text =或TextBox2.Text =或TextBox3.Text =或TextBox4.Text =或TextBox5.Text =或ComboBox1.Text =然后
er = 1
MsgBox(请填写所有细节。 )
结束如果
'插入
如果er = 0则
尝试
cmd.Connection = cn
cmd.CommandText =INSERT INTO [Users]([Username],[Password],[FirstName],[LastName],[UID],[UType])VALUES ('& TextBox2.Text&','& TextBox3.Text&','& TextBox4.Text&','& TextBox5.Text&',' & TextBox1.Text&','& ComboBox1.Text&');
cmd.ExecuteNonQuery()
'MsgBox(New Class Added。)
MsgBox(帐户已创建,MsgBoxStyle。信息,恭喜!)
对于淡入淡出= 0.0到1.1步骤0.2
Login.Opacity =淡入淡出
Login.Show()
Me.Hide()
Threading.Thread.Sleep(30)
TextBox1.Clear()
TextBox2.Clear()
TextBox3.Clear()
TextBox4.Clear()
TextBox5.Clear( )
ComboBox1.ResetText()
下一页
Catch ex As Exception
MsgBox(ex.Message,MsgBoxStyle.Critical)
TextBox1.Clear()
TextBox 2.Clear()
TextBox3.Clear()
TextBox4.Clear()
TextBox5.Clear()
ComboBox1.ResetText()
结束尝试
'插入关闭
结束如果
'cn.Close()
结束次级
结束班级
什么我试过了:
创建新表,更改一些变量,添加一些代码,调整代码,在线搜索一些答案但是没有有什么。所以现在我很尊敬你们,因为我喜欢你们如何回答人们的问题。
Please i created this program on vb.net, to add users, it run successfully but it only save on runtime, but when i go to the database it does not save any file there, except the one's i create on the database... i use Access database. Thanks, this is the code for the program.
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
'cn.Open()
Dim er As Integer = 0
If TextBox1.Text = "" Or TextBox2.Text = "" Or TextBox3.Text = "" Or TextBox4.Text = "" Or TextBox5.Text = "" Or ComboBox1.Text = "" Then
er = 1
MsgBox("Please Fill All The Detail's.")
End If
'insert
If er = 0 Then
Try
cmd.Connection = cn
cmd.CommandText = "INSERT INTO [Users] ([Username],[Password],[FirstName],[LastName],[UID],[UType]) VALUES('" & TextBox2.Text & "','" & TextBox3.Text & "','" & TextBox4.Text & "','" & TextBox5.Text & "','" & TextBox1.Text & "','" & ComboBox1.Text & "');"
cmd.ExecuteNonQuery()
'MsgBox("New Class Added.")
MsgBox("Account has been created", MsgBoxStyle.Information, "Congrats!")
For fade = 0.0 To 1.1 Step 0.2
Login.Opacity = fade
Login.Show()
Me.Hide()
Threading.Thread.Sleep(30)
TextBox1.Clear()
TextBox2.Clear()
TextBox3.Clear()
TextBox4.Clear()
TextBox5.Clear()
ComboBox1.ResetText()
Next
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical)
TextBox1.Clear()
TextBox2.Clear()
TextBox3.Clear()
TextBox4.Clear()
TextBox5.Clear()
ComboBox1.ResetText()
End Try
'insert closed
End If
'cn.Close()
End Sub
End Class
What I have tried:
creating new tables, changing some variables, adding some codes, adjusting the codes, and search online for some answers but havn't got any. so right now am looking up to you guys, cos i like how you respond to peoples questions.
推荐答案
cmd.CommandText = "INSERT INTO [Users] ([Username],[Password],[FirstName],[LastName],[UID],[UType]) VALUES('" & TextBox2.Text & "','" & TextBox3.Text & "','" & TextBox4.Text & "','" & TextBox5.Text & "','" & TextBox1.Text & "','" & ComboBox1.Text & "');"
不是您问题的解决方案,而是您遇到的另一个问题。
永远不要通过连接字符串来构建SQL查询。迟早,您将使用用户输入来执行此操作,这会打开一个名为SQL注入的漏洞,这对您的数据库很容易并且容易出错。
名称中的单引号你的程序崩溃。如果用户输入像Brian O'Conner这样的名称可能会使您的应用程序崩溃,那么这是一个SQL注入漏洞,崩溃是最少的问题,恶意用户输入,并且它被提升为具有所有凭据的SQL命令。
SQL注入 - 维基百科 [ ^ ]
SQL注入 [ ^ ]
按示例进行SQL注入攻击 [ ^ ]
PHP:SQL注入 - 手册 [ ^ ]
SQL注入预防备忘单 - OWASP [ ^ ]
Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
开始时不这样做!永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。改为使用参数化查询。
连接字符串时会导致问题,因为SQL会收到如下命令:
Start off by not doing it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'就SQL而言,用户添加的引号会终止字符串,并且您会遇到问题。但情况可能更糟。如果我来并改为输入:x'; DROP TABLE MyTable; - 然后SQL收到一个非常不同的命令:
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'哪个SQL看作三个单独的命令:
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';完全有效的SELECT
A perfectly valid SELECT
DROP TABLE MyTable;完全有效的删除表格通讯和
A perfectly valid "delete the table" command
--'其他一切都是评论。
所以它确实:选择任何匹配的行,从数据库中删除表,并忽略其他任何内容。
所以总是使用参数化查询!或者准备好经常从备份中恢复数据库。你定期做备份,不是吗?
之后,你需要准确看看发生了什么 - 假设你没有在MsgBox中显示错误但是获取已创建帐户,直接查看您的数据文件。
插入新行,然后手动查看Access文件而不关闭您的应用程序。你能看到新的数据吗?
如果你不能,你看错了文件:检查你的连接字符串。
如果可以的话,关闭文件查看器,然后关闭您的应用程序。再看一下Access文件:你能看到新数据吗?
如果你不能,你需要查看其余的代码,看看你在做什么连接。你有交易运行吗?您是否在任何地方提交?
如果可以,请关闭查看器,然后再次运行您的应用程序。不对您的应用程序执行任何操作,并再次查看Access文件。你能看到你在那里添加的数据了吗?
如果你不能,你正在复制新版本的文件:如果你将Access文件添加到你的文件中可能是一个VS功能项目 - 检查文件属性。
如果可以,它应该在您的应用程序中可见 - 如果不是,您需要确切了解您的应用程序如何获取它显示的信息。 />
很抱歉,但我们不能为您做任何事情!
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
After that, you need to look at exactly what is happening - assuming that you have no errors showing in a MsgBox but get the "Account has been created" instead, look directly at your data file.
INSERT the new row, and then manually look at the Access file without closing your application. Can you see the new data?
If you can't, you are looking at the wrong file: check your connection string.
If you can, close the file viewer, and then close your application. Look again at the Access file: Can you see the new data?
If you can't, you need to look at the rest of your code to find out what you are doing with the connection. Do you have a transaction running? Do you Commit it anywhere?
If you can, close the viewer, and run your app again. Do nothing with your app, and view the Access file again. Can you see the data you added there?
If you can't, you are copying a old version of the file over the new: that may be a VS feature if you added the Access file to your project - check the file properties.
If you can, it should be visible in your app - if it isn't you need to look at exactly how your app is getting the info it displays.
Sorry, but we can't do any of that for you!
感谢您的所有答案,我找到了一条路解决我实际问的问题...因为我是新手,所以我不明白所有这些sql的东西,你们都在谈论。非常感谢
我发现为了保存你的数据库,你必须改变复制到输出目录
1你去解决方案资源管理器
2.点击数据库
3.转到属性
4.更改'COPY TO OUTPUT目录收件人如果更新则复制
全部......
Thanks for all your answers, i just found a way of solving what i actually asked... sincerly am new into this, so i don't understand all this sql stuffs, you guys are talking about. thanks anyways
well i found out for this to save your database, you ll have to change the "copy to output directory"
1. you go to the solution explorer
2. click on the database
3. go to the properties
4. change 'COPY TO OUTPUT DIRECTORY" TO " COPY IF NEWER"
that all...
这篇关于为什么我的程序仅在运行时添加到数据库,并且当我关闭程序时不使用访问数据库保存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
