如何使用ms.access 2007在VB.net中执行记录? [英] How to execute the record in VB.net with ms.access 2007?

问题描述

我在执行vb.net中的记录时遇到了一些问题.我正在使用Microsoft Access作为数据库.
当我使用这种语法进行乘法运算时，该记录显示在数据网格视图中，但该记录并没有完全保存在数据库中.有什么问题吗?
这是我的语法:

I''ve some problem in execute the record in vb.net. I''m using microsoft access as database.
When I run an aplication with this syntax, the record shown in data grid view, but the record wasn''t save corectly in database. What is the problem?
This my syntax:

Imports System.Data
Imports System.Data.OleDb
Public Class OlahData
    Dim con As OleDbConnection
    Dim cmd As OleDbCommand
    Dim reader As OleDbDataReader
    Dim constring As String
    Dim SqlString As String
    Dim numAffected As Integer
    Private Sub OlahData_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        constring = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & My.Application.Info.DirectoryPath & "/FKIP.mdb ;Persist Security Info=True"
        con = New OleDbConnection(constring)
        con.Open()
    End Sub

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        SqlString = "Insert Into MataKuliah values ('" & id.Text.Trim & "','" & nama.Text.Trim & "','" & jurusan.Text.Trim & "','" & Val(sks.Text) & "')"
        cmd = New OleDbCommand(SqlString, con)
        numAffected = cmd.ExecuteNonQuery
        MessageBox.Show(numAffected.ToString & "record berhasil di simpan")
    End Sub
    
    Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
        Dim ConnStr As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & My.Application.Info.DirectoryPath & "/FKIP.mdb;"
        Dim Conn As OleDbConnection
        Dim Ds As DataSet
        Dim Da As OleDbDataAdapter
        Dim SQL As String = "Select * From MataKuliah"
        Try
            Conn = New OleDbConnection(ConnStr)
            Ds = New DataSet
            Da = New OleDbDataAdapter(SQL, Conn)
            Da.Fill(Ds, "MataKuliah")

            gridview.DataSource = Ds.Tables("MataKuliah")
            gridview.Dock = DockStyle.Fill
        Catch
            MessageBox.Show("tabel tidak dapat ditampilkan....!", "Database error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
            Me.Close()
        End Try
    End Sub    
End Class

推荐答案

首先，尝试将字段列表添加到INSERT语句中:

Firstly, try addingthe fields list to your INSERT statement:

SqlString = "Insert Into MataKuliah values ('" & id.Text.Trim & "','" & nama.Text.Trim & "','" & jurusan.Text.Trim & "','" & Val(sks.Text) & "')"
cmd = New OleDbCommand(SqlString, con)
numAffected = cmd.ExecuteNonQuery

成为:

Becomes:

SqlString = "INSERT INTO MataKuliah (id, nama, jurusan, sks) VALUES ('" & id.Text.Trim & "','" & nama.Text.Trim & "','" & jurusan.Text.Trim & "','" & Val(sks.Text) & "')"
cmd = New OleDbCommand(SqlString, con)
numAffected = cmd.ExecuteNonQuery

这可能使其正常工作.
然后，将值替换为Parameters:

That may make it work.
Then, replace the values with Parameters:

SqlString = "INSERT INTO MataKuliah (id, nama, jurusan, sks) VALUES (@ID, @NM, @JU, @SK"
cmd = New OleDbCommand(SqlString, con)
cmd.Parameters.AddWithValue("@ID", id.Text.Trim)
cmd.Parameters.AddWithValue("@NM", nama.Text.Trim)
cmd.Parameters.AddWithValue("@JU", jurusan.Text.Trim)
cmd.Parameters.AddWithValue("@SK", Val(sks.Text))
numAffected = cmd.ExecuteNonQuery

这消除了SQL注入攻击的可能性(并使代码更具可读性).

[edit]在未参数化的版本中添加了"sks"字段名称:腮红:-OriginalGriff [/edit]

This removes the chance of an SQL Injection attack (and makes the code more readable).

[edit]Added "sks" field name to non-parametrized version :blush: - OriginalGriff[/edit]

这篇关于如何使用ms.access 2007在VB.net中执行记录?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！