更新数据库时出现问题 [英] Problem in Updating the database

问题描述

在我的项目中用户可以编辑已经显示在数据库文本框中的个人资料信息，他们可以保存更改。但问题是我在文本框中编辑数据，而更新它只需要更旧的值那个文本框我无法理解原因。任何人都知道如何解决这个问题吗？

In my project Users can edit their profile information which is already displayed in text boxes from the database and they can save changes.But the problem is though I edit the data in the textbox, while updating it takes only the older value in that textbox and I can't understand the reason. Can anyone know how to solve this?

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Dim con As New SqlConnection("Data Source=CSC32\SQLEXPRESS;Initial Catalog=Data1;Integrated Security=True;")
        Dim cmd As SqlCommand
        Dim name As String = Session("User")
        con.Open()
        cmd = New SqlCommand("SELECT * from Logs", con)
        Dim reader As Data.SqlClient.SqlDataReader = cmd.ExecuteReader()
        Dim f As Integer = 0
        If (reader.HasRows()) Then
            While (reader.Read())
                If (name.CompareTo(reader("Username")) = 0) Then
                    f = 1
                    GoTo l1
                Else
                    f = 0
                End If
            End While
l1:         If f = 1 Then
                eidtext.Text = reader("Email")
                dob.Text = reader("DOB")
                sqtext.SelectedItem.Text = reader("Secques")
                satext.Text = reader("Secans")
            End If
        End If
        con.Close()
    End Sub




Protected Sub Savechanges_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Savechanges.Click
        Dim con As New SqlConnection("Data Source=CSC32\SQLEXPRESS;Initial Catalog=Data1;Integrated Security=True;")
        con.Open()
        Dim adp As New SqlDataAdapter
        Dim cmd As New SqlCommand("update Logs set Email='" + eidtext.Text + "', DOB='" + dob.Text + "', Secques='" + sqtext.Text + "',Secans='" + satext.Text + "' where Username='" + Session("User") + "';", con)
        adp.UpdateCommand = cmd
        adp.UpdateCommand.ExecuteNonQuery()
        con.Close()
    End Sub

推荐答案

首先，不要直接连接值到SQL语句。这使您可以完全接受SQL注入。而是使用 SqlParameter [ ^ ]。



然后你不需要适配器。简单地说：

First of all, do not ever concatenate values directly to the SQL statement. This leaves you wide open to SQL injections. Instead use SqlParameter[^].

Then you don't need the adapter. Simply:

Dim con As New SqlConnection("Data Source=CSC32\SQLEXPRESS;Initial Catalog=Data1;Integrated Security=True;")
con.Open()
Dim cmd As New SqlCommand("update Logs set Email=@email, DOB=@dob, Secques=@Secques,Secans=@Secans where Username=@username", con)
' SET PARAMETER VALUES OVER HERE
...
cmd.Parameters.AddWithValue("@Secques", sqtext.Text)
...

cmd.ExecuteNonQuery()
con.Close()

另外

- 使用调试器ch在将文本分配到参数时，确实使用了最新值。

- 建议使用使用 [ ^ ]连接语句

- 更好的是将DML操作包装在 SqlTransaction [ ^ ]

Also
- using debugger check that you really use the latest values when assigning the text into parameters.
- it's advisable to use using[^] statement for the connection
- and better yet wrap the DML operations inside a SqlTransaction[^]

我可以猜到它，直到你提供一些代码。

检查在插入数据时是否为某个变量赋值，如果编辑数据，则不会为同一变量分配更新值。

I can guess it untill you provide some code.
Check if you have assigned value in some variable while inserting data and the same variable is not assigned with updated value in case if editing data.

这篇关于更新数据库时出现问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！