How Can I Update A Record
Problem description
Hello guys,
I just want to update only one record in a table without using a where statement.
I think I can do that by calling a recordset.
This is my code:
Dim cs As String = ("Provider=Microsoft.ace.OLEDB.12.0; Data Source=" & Application.StartupPath & "\vbdata.accdb")
con = New OleDbConnection(cs)
con.Open()
Dim cb As String = ("update tblmoney set [amount] = '" & txt1.Text & "' , [aname] = '" & txt2.Text & "' ")
Dim cmd As New OleDbCommand(cb)
cmd.Connection = con
cmd.ExecuteReader()
con.Close()
Recommended answer
Bruno Sprecher is right: your approach is wrong from the very beginning. The query is composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is a way more important issue: it opens the doors to a well-known exploit called SQL injection.
This is how it works: http://xkcd.com/327.
What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.
With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.
Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.
—SA
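The parameterized statement recommended in the answer above, applied to the query from the question, as an added example that is not part of the original thread. The key column [ID], the column types, the function name UpdateMoney and the sample values are assumptions, since the page does not give the table schema.

```vbnet
Imports System.Data.OleDb
Imports System.IO

Module MoneyUpdate
    ' Assumed schema (not given on the page): tblmoney has a numeric key [ID],
    ' a Currency column [amount] and a Text column [aname].
    Function UpdateMoney(dbPath As String, id As Integer,
                         amountText As String, aname As String) As Integer
        ' Validate the UI text before it gets anywhere near the database.
        Dim amount As Decimal
        If Not Decimal.TryParse(amountText, amount) Then
            Throw New ArgumentException("amount is not a number", "amountText")
        End If

        Dim cs As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & dbPath
        ' The SQL text is a constant; user input travels only as parameter values.
        ' Without the WHERE clause the UPDATE would rewrite every row in the table.
        Const sql As String = "UPDATE tblmoney SET [amount] = ?, [aname] = ? WHERE [ID] = ?"

        Using con As New OleDbConnection(cs)
            Using cmd As New OleDbCommand(sql, con)
                ' OleDb binds parameters by position, not by name:
                ' add them in the same order as the ? markers appear.
                cmd.Parameters.Add("@amount", OleDbType.Currency).Value = amount
                cmd.Parameters.Add("@aname", OleDbType.VarWChar, 255).Value = aname
                cmd.Parameters.Add("@id", OleDbType.Integer).Value = id
                con.Open()
                ' ExecuteNonQuery is the call for UPDATE; it returns the rows changed.
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        Dim db As String = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "vbdata.accdb")
        ' Constructed input: the quote in the name would break the concatenated
        ' query from the question; as a parameter value it is stored as plain data.
        Dim rows As Integer = UpdateMoney(db, 1, "125.50", "O'Brien")
        Console.WriteLine("Rows updated: " & rows)
    End Sub
End Module
```

A return value of 0 means no row matched the assumed key, which is worth checking before reporting success to the user.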