无法将信息插入sqlce本地数据库 [英] Having trouble inserting info into sqlce local database

问题描述

我无法将信息插入我的日志表中。是的，与数据库的连接正常，因为它在表单的数据网格视图中显示其内容。数据库只是不接受插入。 （请不要说读一本书，或者在互联网上查看我已经有一个多星期了）现在我感到很困惑。这是代码

I am unable to insert info into my log table. Yes the connection to data base works as it is showing its contents in data grid view on form. The data base just won't accept the insert. ( Please don't say read a book, or look on internet I have been for over a week) Now all I am is confused. Here is the code

Private Sub BtnLog_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles BtnLog.Click
       Dim SqlConn As New SqlCeConnection
       Dim SqlCmd As New SqlCeCommand

       SqlConn.ConnectionString = ("DataSource = My_Logger.sdf;")

       Try
           SqlConn.Open()

           Dim StrInsert As String
           StrInsert = ("LDate,LTime,HCall,State,County,Band,Freq,Mode,MCall,HRST,YRST,HOper,MOper,RunStart,RunEnd,NetDuration) Values ('" & TextBox2.Text & "','" & CbxState.Text & "','" & CbxCounty.Text & "','" & ComboBox1.Text & "','" & ComboBox2.Text & "','" & ComboBox5.Text & "','" & TextBox1.Text & "','" & ComboBox3.Text & "','" & ComboBox4.Text & "','" & ComboBox6.Text & "','" & TextBox4.Text & "','" & TextBox4.Text & "','" & TextBox5.Text & "')")

           Dim Reader As SqlCeDataReader

           Dim SqlNonQuery As String
           SqlNonQuery = "insert into Log  (StrInsert)"


           SqlCmd = New SqlCeCommand(SqlNonQuery, SqlConn)
           Reader = Command.ExecuteReader

           ' SqlConn.Close()

           MsgBox("Data is Saved")
           SqlConn.Close()

       Catch ex As Exception
           MsgBox(ex.Message)
           'Make Sure Connection Is Closed
           If ConnectionState.Open Then
               SqlConn.Close()
           End If
       End Try



   End Sub

请帮助新手这需要一些帮助??????



我尝试了什么：



我已经编写了一些代码，如教程中所示，我认为问题在于它们是ACCess数据库和完整的服务器数据库。

Please help new to this just need some help??????

What I have tried:

I have written the code a couple of ways as were shown in tutorials, I think the problem with that was they were ACCess data base and full blown server database's.

推荐答案

我从哪里开始？首先，您使用字符串连接来构建SQL查询。这是一个巨大的安全问题。谷歌为SQL注入攻击找出原因。接下来，谷歌进行VB.NET参数化查询以缓解问题。哦，一个很好的副作用就是你可以获得更好的可调试代码。



接下来，你有这个：

Where do I begin? First, you're using string concatenation to build your SQL query. This is a HUGE security problem. Google for "SQL Injection Attack" to find out why. Next, Google for "VB.NET parameterized queries" to mitigate the problem. Oh, and a nice side effect of that is you get far better debuggable code out of it.

Next, you've got this:

SqlNonQuery = "insert into Log  (StrInsert)"

嗯...你使用字符串连接来构建SQL查询然后你完全忘记了如何使用字符串连接来完成构建查询？我宁愿你根本不使用concatentation并且正确地完成整个查询，而不是将这个可怕的代码用于工作。



哦，和SqlCe ，至少版本5，已弃用，自2016年4月12日起不再受支持。您可能希望转移到更新的数据库引擎，如SQL Express，LocalDb，SqlLite或其他任何内容。

Ummmm... you used string concatenation to build the SQL query and then you completely forget how to use string concatenation to finish building the query? I'd rather you didn't use concatentation at all and did the whole query thing properly instead of band-aiding this horrible code into working.

Oh, and SqlCe, at least version 5, is deprecated and no longer supported as of 4/12/16. You might want to move to a more current database engine, like SQL Express, LocalDb, SqlLite, or whatever.

这篇关于无法将信息插入sqlce本地数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！