
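OK, I'm creating a search bar to find some patients for my school project. The first search works, but when I do another search it shows me a message as if the number did not exist even though it does. This is the code for the button; I hope you can help me.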

Private Sub cmdIDBuscar_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdBuscarID.Click

    Dim sqlCon As New SqlClient.SqlConnection
    Dim sqlComm As New SqlClient.SqlCommand

    'Connection path.
    sqlCon.ConnectionString = ("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Sistema para Hospitales.mdf;Integrated Security=True;User Instance=True")
    'Statement to work with.
    sqlComm.CommandText = "SELECT * FROM [Pacientes] WHERE IDPaciente= '" & txtID.Text & "';"
    'Open the SQL connection
    sqlCon.Open()

    Do Until txtID.Text = txtCompararID.Text

        Me.PacientesBindingSource.MoveNext()

        Exit Do

        If EOF(True) Then KryptonMessageBox.Show("Error, no se encontro paciente.", "Error", MessageBoxButtons.AbortRetryIgnore, MessageBoxIcon.Error)

    Loop

    If txtID.Text = txtCompararID.Text Then
        txtNombres.Text = txtCompararN1.Text & " " & txtCompararN2.Text & " " & txtCompararN3.Text
        txtApellidos.Text = txtCompararAp1.Text & " " & txtCompararAp2.Text
        txtEdad.Text = txtCompararEdad.Text
        Select Case txtCompararSexo.Text
            Case Is = "F"
                txtSexo.Text = "Femenino"
            Case Is = "M"
                txtSexo.Text = "Masculino"
        End Select
        Select Case TipoAfiliacionTextBox.Text
            Case Is = "1"
                txtTAfiliacion.Text = "Cotizante"
            Case Is = "2"
                txtTAfiliacion.Text = "Beneficiario"
            Case Is = "3"
                txtTAfiliacion.Text = "Pensionado"
        End Select
        txtAltura.Text = AlturaTextBox1.Text
        txtPeso.Text = PesoTextBox1.Text
        txtPresion.Text = PresionTextBox.Text
        txtTemperatura.Text = TemperaturaTextBox.Text
    Else
        KryptonMessageBox.Show("No se encontro el paciente", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
    End If

End Sub

1 Answer


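Among other issues, because you have an Exit Do statement in the middle of your comparison loop, you will probably only ever match the first record, since your Do loop executes at most once.

I am guessing that txtCompararID is data-bound to your PacientesBindingSource, and that the purpose of your loop is to move through this binding source until you find the value that matches txtID.

If this is the case, your Do loop should look more like: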

' Get back to the top of the list
Me.PacientesBindingSource.MoveFirst()

Do Until txtID.Text = txtCompararID.Text

    Me.PacientesBindingSource.MoveNext()

    If EOF(True) Then 
       KryptonMessageBox.Show("Error, no se encontro paciente.", "Error", MessageBoxButtons.AbortRetryIgnore, MessageBoxIcon.Error)

       Exit Do
    End If
Loop

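In addition, you should use Using statements for your connection and command objects so that they are properly closed and disposed of when you are finished with them.

For example: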

Using sqlCon As New SqlClient.SqlConnection
    Using sqlComm As New SqlClient.SqlCommand

        ' ... all of your code
    End Using
End Using

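Finally, and most importantly, you should use a parameterized query statement to prevent SQL injection attacks, since you allow values to be entered directly. This statement: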

sqlComm.CommandText = "SELECT * FROM [Pacientes] WHERE IDPaciente= '" & txtID.Text & "';"

should be changed to:

' SqlClient binds parameters by name (@name); positional ? markers are for OleDb/ODBC.
sqlComm.CommandText = "SELECT * FROM [Pacientes] WHERE IDPaciente= @IDPaciente"
sqlComm.Parameters.AddWithValue("@IDPaciente", txtID.Text)
Answered 2012-08-01T20:28:07.650
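
Added example, not part of the original answer: one way to combine the Using blocks and the parameterized query into a lookup that asks SQL Server for the matching row instead of walking the binding source. The names BuscarPaciente, PacienteLookup, MaxIdLength and the connectionString argument, and the VarChar(20) type for IDPaciente, are assumptions; only the table and column names come from the question.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module PacienteLookup

    ' Assumption: IDPaciente is a character column of at most 20 characters.
    Private Const MaxIdLength As Integer = 20

    ' Returns the rows of [Pacientes] whose IDPaciente equals idPaciente.
    ' The input travels as a bound parameter, so it is never parsed as SQL text.
    Public Function BuscarPaciente(ByVal connectionString As String,
                                   ByVal idPaciente As String) As DataTable
        Dim resultado As New DataTable()

        ' Reject empty or oversized input before touching the database.
        If String.IsNullOrWhiteSpace(idPaciente) Then Return resultado
        Dim id As String = idPaciente.Trim()
        If id.Length > MaxIdLength Then Return resultado

        ' Using closes and disposes each object even if an exception is thrown.
        Using sqlCon As New SqlConnection(connectionString)
            Using sqlComm As New SqlCommand(
                "SELECT * FROM [Pacientes] WHERE IDPaciente = @IDPaciente;", sqlCon)

                ' Explicit type and size instead of letting the driver infer them.
                sqlComm.Parameters.Add("@IDPaciente", SqlDbType.VarChar, MaxIdLength).Value = id

                sqlCon.Open()
                Using reader As SqlDataReader = sqlComm.ExecuteReader()
                    resultado.Load(reader)
                End Using
            End Using
        End Using

        Return resultado
    End Function

End Module
```

The click handler can then check `resultado.Rows.Count = 0` to decide whether to show the "No se encontro el paciente" message.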