酒店预订系统（房间可用性） [英] Hotel booking system (room availability)

问题描述

我正在制作酒店预订系统。我有15个按钮代表每个房间。一旦选择了日期，如果房间已被预订，那么我需要带有房间号的按钮变为红色且无法选择。但是，我还需要按钮为红色，时间在日期和日期之间。



所以基本上，我需要搜索访问数据库选择的日期，将按钮变为红色，数字与数据库中的房间号相同，不允许在日期和日期之间进行预订。



我不知道从哪里开始，因为我对编程很陌生。



我尝试了什么：



我试过这个，但这远不是我需要的。

 Dim BookingFound As String = False 
 MyConn = New OleDbConnection 
 
 MyConn.ConnectionString = connString 
 MyConn.Open（）
 
 str1 =（SELECT * FROM [BookingInformation] WHERE [Date In] = ＃& dtpDateIn.Value.Date&＃）
 
 Dim cmd1 As OleDbCommand = New OleDbCommand（str1，MyConn）
 dr = cmd1.ExecuteReader 
 
而博士ead（）
 BookingFound = True 
 
 strDateOut = dr（Date Out）。ToString 
 strDateIn = dr（Date In）。ToString 
 strRoomNumber = dr（房间号码）。ToString 
 
如果BookingFound = True则
 
结束如果
 
 
结束时
 MyConn.Close（）
 End Sub 
 

解决方案

这是VB6和VB.NET的一个例子可用代码：酒店预订系统 [ ^ ]



另一个，使用VB.NET和ACCESS：简单的酒店管理系统使用VB.Net |免费的源代码，教程和文章 [ ^ ]

Quote：

如果房间已被预订，那么我需要带有房间号的按钮变成红色而无法选择。但是，我还需要按钮为红色，时间在日期和日期之间。

看起来你的陈述缺少一些大的东西。

假设在星期六，预订1至10房间，并在星期日预订10至15房间。

凭借您的对帐单，您无法为这2天预订房间，因为没有在此期间可以使用房间。

您缺少的解决方案是将周日预订转移到另一个房间的功能，该房间为这两天免费提供房间。

超过2晚，您可能需要移动更多预订才能在此期间免费入住。

----

 str1 =（  SELECT * FROM [BookingInformation] WHERE [Date In] =＃& dtpDateIn .Value。日期&  ＃）

不是你问题的解决方案，b你有另一个问题。

永远不要通过连接字符串来构建SQL查询。迟早，您将使用用户输入来执行此操作，这会打开一个名为SQL注入的漏洞，这对您的数据库很容易并且容易出错。

名称中的单引号你的程序崩溃。如果用户输入像Brian O'Conner这样的名称可能会使您的应用程序崩溃，那么这是一个SQL注入漏洞，崩溃是最少的问题，恶意用户输入，并且它被提升为具有所有凭据的SQL命令。

SQL注入 - 维基百科 [ ^ ]

SQL注入 [ ^ ]

按示例进行SQL注入攻击 [ ^ ]

PHP：SQL注入 - 手册 [ ^ ]

SQL注入预防备忘单 - OWASP [ ^ ]

I'm making a Hotel Booking System. I have 15 buttons representing each room. Once the date in has been selected, if a room has been booked, then I need the button with the room number on it to turn red and cannot be selected. However, I also need the button to be red with the time in-between the date in and date out.

So basically, I need to search the access database with the date that has been selected, which turns the button red with the same number as the room number in the database and doesn't allow a booking between the Date In and Date Out.

I have no idea where to start since I am pretty new to programming.

What I have tried:

I have tried this but this is nowhere near what I need.

Dim BookingFound As String = False
      MyConn = New OleDbConnection

      MyConn.ConnectionString = connString
      MyConn.Open()

      str1 = ("SELECT * FROM [BookingInformation] WHERE [Date In] = #" & dtpDateIn.Value.Date & "#")

      Dim cmd1 As OleDbCommand = New OleDbCommand(str1, MyConn)
      dr = cmd1.ExecuteReader

      While dr.Read()
          BookingFound = True

          strDateOut = dr("Date Out").ToString
          strDateIn = dr("Date In").ToString
          strRoomNumber = dr("Room Number").ToString

          If BookingFound = True Then

          End If


      End While
      MyConn.Close()
  End Sub

解决方案

Here is an example, both VB6 and VB.NET code available: Hotel Reservation System[^]

And another one, using VB.NET and ACCESS: Simple Hotel Management System Using VB.Net | Free source code, tutorials and articles[^]

Quote:

if a room has been booked, then I need the button with the room number on it to turn red and cannot be selected. However, I also need the button to be red with the time in-between the date in and date out.

Looks like your statement is missing something big.
Say that on Saturday, rooms 1 to 10 are booked, and on Sunday, rooms 10 to 15 are booked.
With your statement, you can't book a room for those 2 days because no room is available over this period.
The solution you are missing is the feature to move a booking on Sunday to another room, which free a room for those 2 days.
For more than 2 nights, you may have to move more bookings in order to free a room over the period.
----

str1 = ("SELECT * FROM [BookingInformation] WHERE [Date In] = #" & dtpDateIn.Value.Date & "#")

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]

这篇关于酒店预订系统（房间可用性）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！