0

我无法构建代码,使我能够使用重复键更新 sql 语句将 gridview 数据插入 mysql 数据库。

网格视图只是一个普通的网格视图,它连接到浏览和上传按钮。这使我能够将 excel 电子表格上传到我的网格视图——它不是数据绑定的。

我已经在 VB 中完成了这项工作,但我发现在 vb.net 中编写它是一项艰巨的任务。这是VB中的代码。

Dim connectionString As String = "Server=*****;Database=****;Uid=****;Pwd=r*****;allow user variables=true"
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) _
       Handles Button2.Click

    Dim i As Integer = 0
    Dim student id,name,age,adress dbSQL_query As String
    Dim dbSQL_cmd As New SqlClient.SqlCommand
    Dim dbSQL_con As New SqlClient.SqlConnection




    Using SQLConnection As New MySqlConnection(connectionString)

        SQLConnection.Open()

        For i = 0 To DataGridView1.RowCount - 1
            Using sqlCommand As New MySqlCommand()
                student id = DataGridView1.Item(0, i).Value.ToString
                name = DataGridView1.Item(1, i).Value.ToString
                age = DataGridView1.Item(2, i).Value.ToString
               adress = DataGridView1.Item(3, i).Value.ToString.ToLower
                dbSQL_query = "INSERT INTO student)  VALUES  (" + addQoute(student_id) + ", " + _
                      addQoute(name) + ", " + _
                      addQoute(age) + ", " + _
                      addQoute(adress) + ", " + _

                      addQoute(status) + ") on duplicate key update name=(" + addQoute(name) + "),age=(" + addQoute(age) + "),adress=(" + addQoute(adress) + ")"
                With sqlCommand

                    .CommandText = dbSQL_query
                    .Connection = SQLConnection
                    .CommandType = CommandType.Text

                End With
                sqlCommand.ExecuteNonQuery()
                dbSQL_cmd = New SqlClient.SqlCommand(dbSQL_query, dbSQL_con)


            End Using

        Next



        'MessageBox.Show(DataGridView1.RowCount & " student details has been inserted")
        SQLConnection.Close()
    End Using

End Sub



Public Function addQoute(ByVal str As String) As String
    str = Trim(str)
    Return "'" + str + "'"
End Function
4

1 回答 1

0

我已更改您的代码以使用 MySql 对象并为您的每个值添加 MySqlParameter(未找到字段状态除外)。

Dim i As Integer = 0 
Dim student_id,name,age,adress, dbSQL_query As String 
Dim dbSQL_cmd As MySqlCommand 
Dim dbSQL_con As MySqlConnection 

Using dbSQL_con As New MySqlConnection(connectionString) 
    dbSQL_con.Open() 

    For i = 0 To DataGridView1.RowCount - 1 
        Using dbSQL_cmd As New MySqlCommand() 
            student_id = DataGridView1.Item(i, 0).Value.ToString 
            name = DataGridView1.Item(i, 1).Value.ToString 
            age = DataGridView1.Item(i, 2).Value.ToString 
            adress = DataGridView1.Item(i, 3).Value.ToString.ToLower 
            dbSQL_query = "INSERT INTO student  VALUES  (?id, ?name, ?age, ?adress) " + 
                   " on duplicate key update name=(name=?name, age=?age, adress=?adress)"
            With dbSQL_cmd
                .Parameters.AddWithValue("?id", student_id)
                .Parameters.AddWithValue("?name", name)
                .Parameters.AddWithValue("?age", age)
                .Parameters.AddWithValue("?adress", adress)
                ' .Parameters.AddWithValue("?status", ?????)
                .CommandText = dbSQL_query 
                .Connection = dbSQL_con 
                .CommandType = CommandType.Text 
            End With 
            dbSQL_cmd.ExecuteNonQuery() 
        End Using 
    Next 
    'MessageBox.Show(DataGridView1.RowCount & " student details has been inserted") 
End Using

请不要使用字符串来创建 sql 命令,始终使用参数。
这很重要,因为您的代码可用于创建Sql Injection Attacks,此外,您不需要创建特殊函数来解析像 AddQuote 这样的 sql 分隔符的字符串。

最后,Using语句对SqlCommand、SqlConnection等实现IDisposable接口的对象进行dispose,在dispose过程中MySqlConnection会自动关闭。

于 2012-10-21T12:20:46.940 回答