如何清除错误？为什么这段代码不起作用？ [英] How to clear the errors? why isn't this code working?

问题描述

帮助帮助



我正在介绍我的大学项目，我正在尝试建立一个书店收据打印并将打印的详细信息存储到Ms.Access这将是一个使用visual basic 2013的应用程序项目之一。我正在接受教程的帮助但被卡住了。

请大家帮助我。

i am给出项目链接，如果它可以帮助你建议我最好的解决方案



http://www.mediafire.com/download/skyuq7gbmup24ip/receipt+test+with+backup.rar [ ^ ]





1>

HELP HELP HELP

I am in middle of presenting my college project, i was trying to build a bookstore receipt printing and storing the printed details to Ms.Access which would be a one of a kind application project using visual basic 2013. I was taking the help of the Tutorials but got stuck.
please guys help me out.
i am giving out the project link if it might help you suggest me the best solution

http://www.mediafire.com/download/skyuq7gbmup24ip/receipt+test+with+backup.rar[^]


1>

int total = 0;
          float cash = float.Parse(txtCash.Text.Substring(1,5));
          float change = 0.00f;
          float price = float.Parse(txtPrice.Text.Substring(1,3));
          float QTY = float.Parse(txtQTY.Text.Substring(1,2));

####每当我在现金文本框中输入一百个值时，它会显示错误mscorlib.dll中出现类型'System.ArgumentOutOfRangeException'的未处理异常显示第二行有错误







2>

#### whenever i enter a hundred value in the cash textbox it shows error "An unhandled exception of type 'System.ArgumentOutOfRangeException' occurred in mscorlib.dll" showing the second line with error



2>

public void Insert(Person p)
       {
           try
           {
               command.CommandText = "INSERT INTO Tinfo(ProductName, ProductPrice, QTY, TO) VALUES ("+p.ProductName+", "+p.ProductPrice+", "+p.Qty+", "+p.To+")";
               command.CommandType = CommandType.Text;
               Connection.Open();
 
               command.ExecuteNonQuery();
            }
           catch (Exception)
           {
 
               throw;
           }
           finally
           {
               if (Connection != null)
               {
                   Connection.Close();
               }

####每当我点击保存按钮时它会说会话中发生了'System.Data.OleDb.OleDbException'类型的未处理异常。 dll



附加信息：INSERT INTO语句中的语法错误。显示throw并显示错误。

#### whenever i click save button it says "An unhandled exception of type 'System.Data.OleDb.OleDbException' occurred in Session.dll

Additional information: Syntax error in INSERT INTO statement." showing "throw" with error.

推荐答案

参见 https://msdn.microsoft.com/en-us/library/26sxas5t(v = vs.110）.aspx [ ^ ]以便更好地将字符串解析为浮点数。此外，除非可以保证数据符合预期，否则不应使用固定长度的子串。

See https://msdn.microsoft.com/en-us/library/26sxas5t(v=vs.110).aspx[^] for a better way of parsing strings to floats. Also, you should not use Substring with fixed lengths unless you can guarantee that the data will be as expected.

1。由于 SubString ，您收到错误 - 您引用的长度超过实际文本。尝试

1. You are getting an error because of the SubString - you are quoting a length longer than the actual text. Try

float cash = float.Parse(txtCash.Text);

实际上使用 tryparse [ ^ ]哪个更好



2.永远不要使用字符串连接来构建你的sql语句 - 它让你容易受到 SQL注入 [ ^ ] - 使用参数化查询 [ ^ ]。



这可能完全解决问题省略了 ProductName 和c周围的单引号ommand参数将为你处理

In fact use tryparse[^] which is even better

2. Never use string concatenation to build your sql statements - it leaves you vulnerable to SQL Injection[^] - use Parameterised Queries [^] instead.

That may well solve the problem entirely as you have omitted the single quotes around the ProductName and the command parameter will handle that for you

这是你的作业 - 所以只是给你一个解决方案在实践中没有多大帮助。

相反，我我会帮忙，告诉你如何解决它。



首先将你的第一个代码更改为：

This is your homework - so just giving you a "solution" won't help much in practice.
Instead, I'll help a bit, and show you how to work out how to fix it.

Start by changing your first code to this:

int total = 0;
string strCash = txtCash.Text;
strCash = strCash.SubString(1, 5);
float cash = float.Parse(strCash);
float change = 0.00f;
strPrice = txtPrice.Text;
strPrice = strPrice.Substring(1,3);
float price = float.Parse(strPrice);
string strQty = txtQTY.Text;
strQty = strQty.Substring(1,2);
float QTY = float.Parse(strQty);

现在，在该代码的第一行放置一个断点，然后在调试器中运行app。当它到达第一行时，调试器将停止并等待您告诉它该做什么。

依次逐步遍历每一行，使用调试器来示例每一步的变量（这是为什么我将你的代码分解成单独的语句 - 更容易查看变量并查看到底发生了什么。

你传递给 float.Parse的值是什么？为什么？你从什么开始，你期望通过什么？



这应该让你开始那个！



第二个更难，因为调试器对你没有多大帮助 - 你所拥有的是易受SQL注入攻击的代码，你这样做的方式就是为什么你会在同时。



当你连接字符串以形成一个SQL命令时，你冒着将用户输入作为命令的一部分进行评估的风险 - 所以如果你的用户输入错误的东西，他可能会意外或故意损坏或删除您的数据库。您需要始终使用参数化查询！

Now, put a breakpoint on the first line in that code, and run you app in the debugger. When it reaches the first line, the debugger will stop and wait for you to tell it what to do.
Step through each line in turn, using the debugger to example the variables at each step (which is why I "broke out" your code into separate statements - it's easier to look at the variables and see exactly what is happening).
What value are you passing to float.Parse? Why? What did you start with, and what did you expect to pass?

That should get you started on that one!

The second is harder, because the debugger can't help you much - what you have is code that is vulnerable to SQL Injection, and the way you are doing that is part of why you are getting an error at the same time.

When you concatenate strings to form an SQL command, you run the risk that the user input will be evaluated as part of the command - so if your user types the wrong thing he can accidentally or deliberately damage or delete your database. You need to use parameterised queries instead at all times!

这篇关于如何清除错误？为什么这段代码不起作用？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！