保存输入的数据时，显示此错误“从字符串“插入到StMaster（ID，Studen”到“Double”类型）的转换无效。 [英] while saving the data entered it is showing this error" Conversion from string "insert into StMaster (ID, Studen" to type 'Double' is not valid.)

问题描述

'Imports Microsoft.SqlServer
Imports System.Data
Imports System.Data.SqlClient
'Public Class Form1

'    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

'    End Sub
'End Class
Public Class Form1
    Public con As New SqlConnection
    Public cmd As New SqlCommand
    Public Sub clearData()
        TextBox1.Text = ""
        TextBox2.Text = ""
        TextBox3.Text = ""
        TextBox4.Text = ""
        TextBox5.Text = ""
        TextBox6.Text = ""
        TextBox7.Text = ""
        TextBox8.Text = ""
        TextBox9.Text = ""
        TextBox10.Text = ""
        MaskedTextBox1.Text = ""
        TextBox12.Text = ""
        TextBox13.Text = ""
    End Sub

    Public Sub CreateCommand(ByVal queryString As String, ByVal connectionString As String)
        con = New SqlConnection(connectionString)
        con.Open()
        cmd = New SqlCommand(queryString, con)
        cmd.ExecuteNonQuery()
    End Sub

    Private Sub cmdSave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSave.Click
        Dim connetionString As String
        Dim sqlquery As String
        connetionString = "Data Source=Home-pc\SQLEXPRESS; Initial Catalog=School; Integrated Security=True"
        Dim ID As Integer
        Dim StudentName As String
        Dim FatherName As String
        Dim Address1 As String
        Dim Address2 As String
        Dim City As String
        Dim Pincode As Integer
        Dim Standard As String
        Dim Section As String
        Dim Fees As Integer
        Dim Joining As String
        Dim Stream As String
        Dim Phone As String
        'End Sub
        'Sub Main()
        'End Sub
        '    Function cDate (value as object ) As date
        ID = Val(TextBox1.Text & "")
        StudentName = TextBox2.Text
        FatherName = TextBox3.Text
        Address1 = TextBox4.Text
        Address2 = TextBox5.Text
        City = TextBox6.Text
        Pincode = Val(TextBox7.Text & "")
        Standard = TextBox8.Text
        Section = TextBox9.Text
        Fees = Val(TextBox10.Text & "")
        Joining = MaskedTextBox1.Text
        Stream = TextBox12.Text
        Phone = TextBox13.Text

        If IsDate(Joining) Then
            sqlquery = "insert into StMaster (ID, StudentName , FatherName , Address1 , Address2, City, Pincode, standard, section, fees, joining, stream, phone) Values (" + ID + ",'" + StudentName + "','" + FatherName + "','" + Address1 + "','" + Address2 + "','" + City + "'," + Pincode + ",'" + Standard + "','" + Section + "'," + Fees + ",'" + FormatDateTime(Joining, ("dd/MMM/yyyy")) + "','" + Stream + "','" + Phone + "')"

            Try
                CreateCommand(sqlquery, connetionString)
                MsgBox("Data is successfully stored ! ")
                clearData()
            Catch ex As Exception
                MessageBox.Show("Error while inserting record on table..." & ex.Message, "Insert Records")
            Finally
                con.Close()
            End Try
        Else
            MsgBox("DATE FORMAT IS NOT CORRECT")
        End If
    End Sub

    Private Sub cmdCancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdcancel.Click
        Close()
    End Sub

    Private Sub frmLogin_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        TextBox1.Text = ""
        TextBox2.Text = ""
        TextBox3.Text = ""
        TextBox4.Text = ""
        TextBox5.Text = ""
        TextBox6.Text = ""
        TextBox7.Text = ""
        TextBox8.Text = ""
        TextBox9.Text = ""
        TextBox10.Text = ""
        MaskedTextBox1.Text = ""
        TextBox12.Text = ""
        TextBox13.Text = ""
        TextBox1.Focus()
    End Sub

    Private Sub Label1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label1.Click

    End Sub

    Private Sub Cmdsave_Click_1(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Cmdsave.Click

    End Sub

    Private Sub TextBox7_TextChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles TextBox7.TextChanged

    End Sub

    Private Sub Label3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label3.Click

    End Sub

    Private Sub Label7_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label7.Click

    End Sub
End Class

[信息]使用正确的格式 - Maciej Los [/ Info]

[Info]Use proper formatting - Maciej Los[/Info]

推荐答案

永不连接用于形成SQL命令的字符串！它让您对SQL注入攻击持开放态度，这可能会破坏或破坏您的数据库。总是使用参数化查询。



这样做可以同时解决您的问题 - 并使您的代码更具可读性。

Never concatenate strings to form an SQL command! It leaves you wide open to SQL Injection Attack which can damage or destroy your database. Always use parametrised queries instead.

And doing that will get rid of your problem at the same time - as well as making your code more readable.

检查您的id值类型。如错误所示，从字符串到double的转换无效。

使用命令参数 [ ^ ]以避免陷入此类问题。

Check your id value type. As the error suggests, conversion from string to double is not valid.
Use command parameters[^] to avoid getting into this kind of issues.

这篇关于保存输入的数据时，显示此错误“从字符串“插入到StMaster（ID，Studen”到“Double”类型）的转换无效。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！