如何在Vb.Net中更新 [英] How Do I Update In Vb.Net

问题描述

Imports System.Data.OleDb
Public Class ee
    Dim cnxnString As String = ("Provider=Microsoft.JET.OLEDB.4.0;" & _
"Data Source=D:\Mohamed Ayman\Donic.mdb")
    Dim cnxn As New OleDbConnection(cnxnString)
    Dim sql As New OleDbCommand
    Dim DataAdapter As New OleDbDataAdapter("SELECT * FROM [Clients]", cnxn)
    Dim cmdBuilder As New OleDbCommandBuilder(DataAdapter)
    Dim Clients As New DataTable

    Dim f As Integer = 0
    Dim r As String
    Private Sub bs_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles bs.Click
        Dim msg = "Do you want to save the changes?"
        Dim title = "Caution"
        Dim style = MsgBoxStyle.YesNo Or MsgBoxStyle.DefaultButton2 Or _
        MsgBoxStyle.Critical
        Dim response = MsgBox(msg, style, title)
        If response = MsgBoxResult.Yes Then
            Dim sqlsearch As String
            sqlsearch = "Update * FROM Clients WHERE [Club] LIKE '" & ComboBox2.Text & "'" & " [FirstName] LIKE '" & tsearch.Text & "'" & " [SurName] LIKE '" & combobox.Text & "'" & "  "
            Dim adapter As New OleDb.OleDbDataAdapter(sqlsearch, cnxn)
            Dim dt As New DataTable("Clients")
            adapter.Fill(dt)      //Syntax error update statment
            f = 1
        End If
    End Sub

推荐答案

更改UPDATE命令：语法甚至不关闭！

Change your UPDATE command: the syntax isn't even close!

UPDATE Clients SET MyColumn=MyValue, MyOtherColumn=MyOtherValue WHERE Club LIKE '%xxx%'

您正在寻找一般语法，但请不要这样做！不要连接字符串以构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。

然后查看其余的代码：因为你几乎肯定会从其他地方复制粘贴，所以你的应用程序的其余部分对任何想要的人都是敞开的。笑只需输入你的文本框就可以破坏你的数据库...

Is the general syntax you are looking for, but please, don;t do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
And then look at the rest of your code: since you almost certainly copy-n-pasted that from elsewhere, the rest of your application is wide open to anyone who "wants a laugh" to destroy your DB just by typing in your text boxes...

很少的东西：

1） UPDATE 声明错了！请用我的评论阅读解决方案1.

2）要运行修改数据的查询，您需要调用 ExecuteNonQuery（） [ ^ ]方法。

3）改为使用参数化查询。

Few things:
1) UPDATE statement is wrong! Please read solution 1 with my comment.
2) To run query which modifies data, you need to call ExecuteNonQuery()[^] method.
3) Use parametrized queries instead.

PARAMETERS [firstName] CHAR, [club] CHAR;
UPDATE TableName SET Club=[club] WHER FirstName = [firstName]

要调用此语句，请使用 AddWithValue方法 [ ^ ]。

请参阅：

OleDbCommand.Parameters Property [ ^ ]

配置参数和参数数据类型 [ ^ ]

To call this statement use AddWithValue method[^].
Please, see:
OleDbCommand.Parameters Property [^]
Configuring Parameters and Parameter Data Types[^]

这篇关于如何在Vb.Net中更新的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！