添加记录包含两个组合框vb.net访问 [英] add record contain two combobox vb.net access
问题描述
你好,
当我想添加新记录时,
i有两个组合框有问题:
i有3个表
产品(id_prdt,.....,idcat,idsup)
category_prodcut(idCatPrdt,.....)
供应商(id_sup,......)
i有一个表格包含产品的所有信息,两个组合框用于供应商,另一个用于categoryProduct 。
这是代码:
hello,
i have a problem with two combobox when i want to add new record:
i have 3 table
product (id_prdt,....., idcat,idsup )
category_prodcut(idCatPrdt,.....)
supplier(id_sup,......)
i have a form contain all the information for the product and two combobox one for supplier and the other for categoryProduct.
this is the code:
Try
CN.Open()
cmd5.Connection = CN
Dim dr5 As OleDbDataReader
cmd5.CommandText = "insert into Produits values('" & TextBox1.Text & "','" & TextBox2.Text & "','" & TextBox3.Text & "','" & TextBox4.Text & "','" & TextBox5.Text & "','" & TextBox6.Text & "','" & TextBox7.Text & "','" & TextBox8.Text & "','" & TextBox9.Text & "','" & TextBox10.Text & "','" & DateTimePicker1.Text & "','" & ComboBox1.Text & "','" & ComboBox2.Text & "')"
dr5 = cmd5.ExecuteReader
MsgBox("Enregistré avec succée") CN.Close()
Catch ex As Exception
End Try
表单加载我填充category_prodcut的组合;
in the form load i fill the combo of category_prodcut;
Try
Dim dr1 As OleDbDataReader
CN.Open()
cmd1.Connection = CN
cmd1.CommandText = "select * from Categories"
dr1 = cmd.ExecuteReader
Remplir_Liste_Produits()
While dr.Read
ComboBox2.Items.Add(dr.GetValue(1))
End While
CN.Close()
Catch ex As Exception
End Try
<pre lang="vb">
当我尝试使用代码填充第二个组合框时的问题我不知道没有错误也没有结果:
注意:两个表类别产品和供应商之间没有直接链接。
这个表格的代码加载:
The problem when i try to use code to fill the second combobox i didn't know no error and no result:
Note: no link direct between the two table category product and supplier.
this the code of the form load:
Private Sub Ajouter_Produit_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'Categories
Try
Dim dr As OleDbDataReader
CN.Open()
cmd.Connection = CN
cmd.CommandText = "select * from Categories "
dr = cmd.ExecuteReader
Remplir_Liste_Produits()
While dr.Read
ComboBox1.Items.Add(dr.GetValue(0).ToString)
End While
CN.Close()
Catch ex As Exception
End Try
'Fournisseurs
Try
Dim dr1 As OleDbDataReader
CN.Open()
cmd1.Connection = CN
cmd1.CommandText = "select * from Fournisseurs "
dr1 = cmd.ExecuteReader
Remplir_Liste_Produits()
While dr1.Read
ComboBox2.Items.Add(dr1.GetValue(1))
End While
CN.Close()
Catch ex As Exception
End Try
End Sub
感谢您的帮助
Thank you for help
推荐答案
您的方法从一开始就是错误的。通过串联从UI获取的字符串组成的查询。不仅重复的字符串连接是低效的(因为字符串是不可变的;我是否必须解释为什么它会使重复连接变坏?),但是有更重要的问题:它打开了通向良好的大门已知的漏洞称为 SQL注入。
这是它的工作原理: http://xkcd.com/327 。
你明白了吗?从控件中获取的字符串可以是任何东西,包括......一段SQL代码。
怎么办?只需阅读有关此问题和主要补救措施:参数化语句: http://en.wikipedia.org/ wiki / SQL_injection 。
使用ADO.NET,使用:http://msdn.microsoft.com/en-us/library/ff648339.aspx 。
请参阅我过去的答案有更多细节:
在com.ExecuteNonQuery中更新EROR( ); ,
嗨名字没有显示在名称中?。
-SA
Your approach is wrong from the very beginning. The query composed by concatenation with strings taken from UI. Not only repeated string concatenation is inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is way more important issue: it opens the doors to a well-known exploit called SQL injection.
This is how it works: http://xkcd.com/327.
Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.
What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.
With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.
Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.
—SA
这篇关于添加记录包含两个组合框vb.net访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!