0

我的记录数据库有问题。为什么单击 btnOut 时。系统将保存状态 = 1 请任何人帮助我。在按钮中设置数字。这是代码,请检查是否有错误。感谢。

我正在使用 vb 2008 和数据库 mysql

表格 1

Private Sub btnIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnIn.Click
    Const btnIn As Integer = 1
    Form1.Show()
End Sub'

Private Sub btnOut_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnOut.Click
    Const btnO As Integer = 0
    Form1.Show()
End Sub

表格 2

Private Sub btnD_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnD.Click
    Dim command As MySqlCommand
    command = New MySqlCommand
    Const btnO As Integer = 0
    Const btnI As Integer = 1


    command.CommandText = "SEARCH INTO visitor WHERE nokp VALUES ('" & TextBox1.Text & "')"

    If TextBox1.Text = "Masukkan No.I/C Anda" Or TextBox1.Text = "" Then
        MessageBox.Show("Sila Masukkan No Kad Pengenalan Anda", "Mesej", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)

    Else
        If btnO = 0 Then
            command.Connection = conn
            tkhupd = Now.ToString("yyyy-MM-dd HH:mm:tt")
            command.CommandText = "INSERT INTO visitor(nok,tkhupd,status)VALUES ('" & TextBox1.Text & "','" & tkhupd & "','" & 1 & "' )"
            MessageBox.Show("ok")
            command.ExecuteNonQuery()
            TextBox1.ResetText()

        Else
            If btnO = 0 Then
                command.Connection = conn
                tkhupd = Now.ToString("yyyy-MM-dd HH:mm:tt")
                command.CommandText = "INSERT INTO visitor(nok,tkhupd,status)VALUES ('" & TextBox1.Text & "','" & tkhupd & "','" & 1 & "' )"
                MessageBox.Show("ok Out")
                command.ExecuteNonQuery()
                TextBox1.ResetText()
            End If
        End If
    End If
    Exit Sub

End Sub
4

1 回答 1

0

我不想这么说,但那段代码有很多错误。甚至不要让我开始研究 sql 注入漏洞(现在,您只是要求被黑客入侵)。不,我会更基本的。从您的示例中查看这两行:

Const btnO As Integer = 0
'...
If btnO = 0 Then
  '...
Else 
  '...
End If

btnO 是一个常数。它不能改变。它总是0。因此,你的 If/Then 检查只是装傻:它总是正确的。你放在 Else 块中的任何东西都是毫无价值的:代码永远无法运行。

于 2012-04-19T13:58:10.213 回答