数据库中存在减法运算问题 [英] Probleam with subtraction operation in database

问题描述

Hai，我在这里创建编码，该编码用于从
中减去数据库中的数字 文本框.在我的编码中，我使用文本框从用户那里接收号码，它将
减去数据库中的数字.对于您的信息，我正在使用UPDATE sql命令进行此操作.同时，我还创建表名InItem并具有列名Itemquantity单击按钮后，出现错误invalidOperationException从我的编码中未得到处理.这是我的编码，请如果缺少部分，请更正我的编码.我还突出显示了哪个代码给出此错误.哦，是的，我的减法sql命令正确吗?我也不确定导致它从Internet获得.如果我的命令为false，请使用正确的命令向我显示.再见

私有子Button1_Click(ByVal发送者为System.Object，ByVal e为System.EventArgs)处理Button1.Click

Dim ra As Integer

昏暗的新OleDb.OleDbConnection("Provider = SQLOLEDB; Data Source = Danawa; Initial Catalog = Store; Integrated Security = SSPI")
试试
Con.Open()
捕获为InvalidOperationException
MsgBox(ex.Message)
结束尝试

Dim Trans = Con.BeginTransaction

作为新的OleDb.OleDbCommand昏暗的cmd >
ra = cmd.ExecuteNonQuery()//这是导致错误的行//
Trans.Commit()
Con.Close()
End Sub

Hai, i am creating here coding which use to substract number in database from
textbox. In my coding i use textbox which receive number from user and it will
subtract a number in database. For your info i am using UPDATE sql command for this operation .In the same time i also create table name InItem and have column name Itemquantity After i click the button i got an error invalidOperationException was unhandled from my coding .Here is my coding and please correct my coding if it have missing part. I also highlight which code give this error.Oh ya , is that my sql command for subtraction is correct? i also not sure cause it get it from internet.If my command if false please show me with correct command..Bye

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click

Dim ra As Integer

Dim Con As New OleDb.OleDbConnection("Provider=SQLOLEDB ;Data Source=Danawa;Initial Catalog=Store;Integrated Security=SSPI ")
Try
Con.Open()
Catch ex As InvalidOperationException
MsgBox(ex.Message)
End Try

Dim Trans = Con.BeginTransaction

Dim cmd As New OleDb.OleDbCommand("UPDATE ItemIn SET Itemquantity = Itemquantity- ''" & ItemquantityTextBox.Text & "WHERE ItemName = ''" & ItemNameComboBox.Text & "''", Con)

ra = cmd.ExecuteNonQuery()// This is line which cause an error//
Trans.Commit()
Con.Close()
End Sub

推荐答案

这里有两件事:一是您在命令字符串中有一个不匹配的引号字符:在第一个字符串的末尾有一个单引号，附加TextBox后未关闭.

另一个是这样做是非常危险的方式:它使您的数据库容易受到意外或故意的SQL注入攻击.改用参数化查询:

Two things here: one is that you have an unmatched quote character in your command string: at the end of the first string there is a single quote, which is not closed after the TextBox is appended.

The other is that that is a very dangerous way to do it: it leaves your database wide open to an accidental or deliberate SQL injection attack. Use Parametrized queries instead:

Dim cmd As New OleDb.OleDbCommand("UPDATE ItemIn SET Itemquantity = Itemquantity - @IQ WHERE ItemName = @IN", Con)
cmd.Parameters.AddWithValue("IQ", Int32.Parse(ItemquantityTextBox.Text))
cmd.Parameters.AddWithValue("IN", ItemNameComboBox.Text)

这篇关于数据库中存在减法运算问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！