不能在数据库（Access）中插入数据VB.NET [英] Cant insert data in database (Access) VB.NET

问题描述

我在一个项目上工作。我们的系统是酒店预订。在VB它说它添加在我的数据库

Im working on a project. Our system is Hotel Reservation. In VB it says that it added in my database

但然后当我检查我的数据库没有。
问题是什么
btw下面是代码：
Public Class RegistrationForm

but then when I check my database there is none. What is the problem btw Here's the code: Public Class RegistrationForm

Private Sub btnNext_Click(sender As Object, e As EventArgs) Handles btnNext.Click

    qry = "INSERT INTO tblGuest(GuestName, Gender, Address)VALUES('" &
    txtName.Text & "','" &
    txtGender.Text & "','" &
    txtAddress.Text & "');"

    cmd = New OleDb.OleDbCommand(qry, con)
    dr = cmd.ExecuteReader()

    MsgBox("Succesfully added in database")

    RoomInfoForm.Show()
End Sub
Private Sub RegistrationForm_Load(sender As Object, e As EventArgs) Handles MyBase.Load
    koneksyon()
End Sub

结束类

推荐答案

只是因为你的MsgBox触发并不意味着查询符合你的期望。
这更像你想做的：

Just because your MsgBox fires doesn't mean the query did what you expect. This is more like what you want to do:

Private Sub btnNext_Click(sender As Object, e As EventArgs) Handles btnNext.Click

    'parameterize the query to avoid SQL injection attacks which is the #1 code vulnerability on OWASP Top 10
    Dim qry As String = "INSERT INTO tblGuest(GuestName, Gender, Address)VALUES(?, ?, ?);"

    'Put disposable resources within Using blocks
    Using con As New OleDb.OleDbConnection()
        Using cmd As New OleDb.OleDbCommand(qry, con)

            'Create the parameters.
            Dim paramName As New OleDb.OleDbParameter("@p1", OleDb.OleDbType.VarChar)
            paramName.Value = txtName.Text 'you should null check and validate all these textbox values

            Dim paramGender As New OleDb.OleDbParameter("@p2", OleDb.OleDbType.VarChar)
            paramGender.Value = txtGender.Text

            Dim paramAddress As New OleDb.OleDbParameter("@p3", OleDb.OleDbType.VarChar)
            paramAddress.Value = txtAddress.Text

            'Assign the parameters to the command
            cmd.Parameters.Add(paramName)
            cmd.Parameters.Add(paramGender)
            cmd.Parameters.Add(paramAddress)

            'you are not returning a result set from the command, so ExecuteNonQuery
            cmd.ExecuteNonQuery()

        End Using
    End Using

    MsgBox("Succesfully added in database")

    RoomInfoForm.Show()
End Sub

这篇关于不能在数据库（Access）中插入数据VB.NET的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！