ID 是 bigint。编译时,textbox1.text 处显示出一些问题 [英] ID IS bigint. while compiling it is showing some problem in textbox1.text


问题描述

导入Microsoft.SqlServer

导入System.Data

导入System.Data.SqlClient

公共类Form1

Public con As New SqlConnection

Public cmd As New SqlCommand

Public Sub clearData()

TextBox1.Text =

TextBox2.Text =

TextBox3.Text =

TextBox4.Text =

TextBox5.Text =

TextBox6.Text =

TextBox7.Text =

TextBox8.Text =

TextBox9.Text =

TextBox10.Text =

TextBox11.Text =

TextBox12.Text =

TextBox13.Text =

End Sub



Public Sub CreateCommand(ByVal queryString As String, ByVal connectionString As String)

con =新的SqlConnection(connectionString)

con.Open()

cmd =新的SqlCommand(queryString,con)

cmd.ExecuteNonQuery()

结束子



私有子cmdSave_Click(ByVal sender As System.Object,ByVal e As System.EventArgs)处理cmdSave.Click

Dim connetionString As String

Dim sqlquery As String

connetionString =数据源= Home-pc\SQLEXPRESS;初始目录=学校; Integrated Security = True

Dim ID As String

Dim StudentName As String

Dim FatherName As String

Dim Address1 As String

Dim Address2 As String

Dim City As String

Dim Pincode As String

Dim Standard As字符串

Dim Section As String

Dim Fees As String

Dim Joining As String

Dim Stream As String

Dim Phone As String



ID = TextBox1.Text

StudentName = TextBox2.Text

FatherName = TextBox3.Text

地址1 = TextBox4.Text

地址2 = TextBox5.Text

City = TextBox6.Text

Pincode = TextBox7.Text

Standard = TextBox8.Text

Section = TextBox9.Text

费用= TextBox10。文字

Joining = TextBox11.Text

Stream = TextBox12.Text

Phone = TextBox13.Text



sqlquery =插入StudentMaster(学生姓名,父姓,地址1,地址2,城市,Pincode,标准,部分,费用,加入,流,电话)值(TextBox1.Text,'+ TextBox2.Text + ','+ TextBox3.Text +','+ TextBox4.Text +',

'+ TextBox5.Text +','+ TextBox6.Text + ','+ TextBox7.Text +','+ TextBox8.Text +','+ TextBox9.Text +',TextBox10.Text,

'+ TextBox11.Text +','+ TextBox12.Text +','+ TextBox13.Text +')

尝试

CreateCommand(sqlquery,connetionString)

MsgBox(数据已成功存储! )

clearData()

Catch ex As Exception

MessageBox.Show(在桌面上插入记录时出错...&ex .Message,插入记录)

最后

con.Close()

结束尝试

End Sub



Private Sub cmdCancel_Click(ByVal sender As System.Object,ByVal e As System.EventArgs)处理cmdcancel.Click

关闭()< br $>
End Sub



Private Sub frmLogin_Load(ByVal sender As System.Object,ByVal e As System.EventArgs)处理MyBase.Load

TextBox1.Text =

TextBox2.Text =

TextBox3.Text =

TextBox4.Text =

TextBox5.Text =

TextBox6.Text =

TextBox7.Text =

TextBox8.Text =

TextBox9.Text =

TextBox10.Te xt =

TextBox11.Text =

TextBox12.Text =

TextBox13.Text =



End Sub



Private Sub Label1_Click(ByVal sender As System.Object,ByVal e As System.EventArgs)处理Label1 .Click



End Sub



Private Sub Cmdsave_Click_1(ByVal sender As System.Object,ByVal e As System.EventArgs)处理Cmdsave.Click



End Sub



Private Sub TextBox7_TextChanged(ByVal sender As System .Object,ByVal e As System.EventArgs)处理TextBox7.TextChanged



End Sub



Private Sub Label3_Click(ByVal sender As System.Object,ByVal e As System.EventArgs)Handles Label3.Click



End Sub



Private Sub Label7_Click(ByVal sender As System.Object,ByVal e As System.EventArgs)处理Label7.Click



结束子

结束类

解决方案

虽然 Mehdi 说得对——这可能会开始解决你眼前的问题,但它会让你完全暴露在 SQL 注入攻击之下,这类攻击可能损坏或摧毁你的数据库。

永远不要通过拼接字符串来构造 SQL 命令——这真的很危险!请始终使用参数化查询。



BTW:帮自己一个忙,并停止使用Visual Studio默认名称 - 你可能还记得TextBox8是手机号码今天,但是当你需要修改它是三个星期的时间,那么你呢?使用描述性名称 - 例如tbMobileNo - 您的代码变得更容易阅读,更自我记录,更易于维护 - 并且编码速度更快,因为Intellisense可以通过三次击键来tbMobile,其中TextBox8需要思考大概和8次击键......


你需要在 TextBox1.Text 两边加上引号 -> ...('"+TextBox1.Text+"',...

Imports Microsoft.SqlServer
Imports System.Data
Imports System.Data.SqlClient
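''' <summary>
''' Student entry form: reads thirteen text boxes and inserts them as one row
''' into the StudentMaster table.
''' </summary>
Public Class Form1
    ' Kept as public fields because the original form exposed them. They hold the
    ' connection and command used by the most recent database call.
    Public con As New SqlConnection
    Public cmd As New SqlCommand

    ''' <summary>Empties all thirteen input boxes.</summary>
    Public Sub clearData()
        TextBox1.Text = ""
        TextBox2.Text = ""
        TextBox3.Text = ""
        TextBox4.Text = ""
        TextBox5.Text = ""
        TextBox6.Text = ""
        TextBox7.Text = ""
        TextBox8.Text = ""
        TextBox9.Text = ""
        TextBox10.Text = ""
        TextBox11.Text = ""
        TextBox12.Text = ""
        TextBox13.Text = ""
    End Sub

    ''' <summary>
    ''' Opens a connection, runs one non-query statement and closes the connection.
    ''' </summary>
    ''' <param name="queryString">
    ''' SQL text to run. It is sent to the server as written, so it must be a constant
    ''' statement: never build it by concatenating user input.
    ''' </param>
    ''' <param name="connectionString">SQL Server connection string.</param>
    Public Sub CreateCommand(ByVal queryString As String, ByVal connectionString As String)
        RunNonQuery(queryString, connectionString, Nothing)
    End Sub

    ''' <summary>
    ''' Runs a non-query statement, binding the supplied parameters when there are any.
    ''' The connection is closed in Finally so a failed Open or Execute cannot leak it.
    ''' </summary>
    Private Sub RunNonQuery(ByVal queryString As String, ByVal connectionString As String, ByVal parameters() As SqlParameter)
        con = New SqlConnection(connectionString)
        Try
            con.Open()
            cmd = New SqlCommand(queryString, con)
            If parameters IsNot Nothing Then
                cmd.Parameters.AddRange(parameters)
            End If
            cmd.ExecuteNonQuery()
        Finally
            con.Close()
        End Try
    End Sub

    ''' <summary>Builds one typed SQL parameter carrying the given value.</summary>
    Private Shared Function MakeParameter(ByVal name As String, ByVal dbType As SqlDbType, ByVal value As Object) As SqlParameter
        Dim parameter As New SqlParameter(name, dbType)
        parameter.Value = value
        Return parameter
    End Function

    ''' <summary>
    ''' Validates the numeric fields and inserts the form contents into StudentMaster
    ''' with a parameterized INSERT.
    ''' </summary>
    Private Sub cmdSave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSave.Click
        Dim connectionString As String = "Data Source=Home-pc\SQLEXPRESS; Initial Catalog=School; Integrated Security=True"

        ' The ID column is bigint, so reject anything that is not a whole number
        ' before it reaches the database.
        Dim studentId As Long
        If Not Long.TryParse(TextBox1.Text.Trim(), studentId) Then
            MessageBox.Show("ID must be a whole number.", "Insert Records")
            Return
        End If

        ' NOTE(review): the original left TextBox10 unquoted, which suggests a numeric
        ' fees column - confirm the column type against the table definition.
        Dim fees As Decimal
        If Not Decimal.TryParse(TextBox10.Text.Trim(), fees) Then
            MessageBox.Show("Fees must be a number.", "Insert Records")
            Return
        End If

        ' The statement text is constant. Every user-supplied value travels as a
        ' parameter, so no input can change the shape of the SQL (no SQL injection).
        ' The original listed 12 columns but supplied 13 values.
        ' NOTE(review): assumes the bigint key column is named ID and is not an
        ' identity column - confirm against the table definition.
        Const sqlquery As String = _
            "insert into StudentMaster(ID,Studentname,fathername,address1,address2,City,Pincode,standard,section,fees,joining,stream,phone) " & _
            "Values (@ID,@StudentName,@FatherName,@Address1,@Address2,@City,@Pincode,@Standard,@Section,@Fees,@Joining,@Stream,@Phone)"

        ' NOTE(review): the text columns are bound as NVarChar and converted by the
        ' server; switch to the exact column types once the schema is confirmed.
        Dim parameters() As SqlParameter = { _
            MakeParameter("@ID", SqlDbType.BigInt, studentId), _
            MakeParameter("@StudentName", SqlDbType.NVarChar, TextBox2.Text), _
            MakeParameter("@FatherName", SqlDbType.NVarChar, TextBox3.Text), _
            MakeParameter("@Address1", SqlDbType.NVarChar, TextBox4.Text), _
            MakeParameter("@Address2", SqlDbType.NVarChar, TextBox5.Text), _
            MakeParameter("@City", SqlDbType.NVarChar, TextBox6.Text), _
            MakeParameter("@Pincode", SqlDbType.NVarChar, TextBox7.Text), _
            MakeParameter("@Standard", SqlDbType.NVarChar, TextBox8.Text), _
            MakeParameter("@Section", SqlDbType.NVarChar, TextBox9.Text), _
            MakeParameter("@Fees", SqlDbType.Decimal, fees), _
            MakeParameter("@Joining", SqlDbType.NVarChar, TextBox11.Text), _
            MakeParameter("@Stream", SqlDbType.NVarChar, TextBox12.Text), _
            MakeParameter("@Phone", SqlDbType.NVarChar, TextBox13.Text) _
        }

        Try
            RunNonQuery(sqlquery, connectionString, parameters)
            MsgBox("Data is successfully stored ! ")
            clearData()
        Catch ex As Exception
            MessageBox.Show("Error while inserting record on table..." & ex.Message, "Insert Records")
        End Try
    End Sub

    ''' <summary>Closes the form without saving.</summary>
    Private Sub cmdCancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdcancel.Click
        Close()
    End Sub

    ''' <summary>Starts the form with every input box empty.</summary>
    Private Sub frmLogin_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        clearData()
    End Sub

    ' The handlers below are empty and perform no work.
    Private Sub Label1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label1.Click

    End Sub

    Private Sub Cmdsave_Click_1(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Cmdsave.Click

    End Sub

    Private Sub TextBox7_TextChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles TextBox7.TextChanged

    End Sub

    Private Sub Label3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label3.Click

    End Sub

    Private Sub Label7_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label7.Click

    End Sub
End Class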

解决方案

While Mehdi is right - that will probably start to solve your immediate problem - it leaves you wide open to SQL Injection attacks, which can damage or destroy your database.
Never concatenate strings to form an SQL command - it's really dangerous! Always use parameterized queries instead.

BTW: Do yourself a favour, and stop using Visual Studio default names for everything - you may remember that "TextBox8" is the mobile number today, but when you have to modify it in three weeks' time, will you then? Use descriptive names - "tbMobileNo" for example - and your code becomes easier to read, more self documenting, easier to maintain - and surprisingly quicker to code because Intellisense can get to "tbMobile" in three keystrokes, where "TextBox8" takes thinking about and 8 keystrokes...


You need to put quotes around the TextBox1.Text -> ...('"+TextBox1.Text+"',...

