1 
Dim conntps As MySqlConnection
Dim myconnstringtps As String
conntps = New MySqlConnection()
Dim mycommand As New MySqlCommand
Dim Updatepayments As String = "update payments set payments.payorname='" & _
    epayorname.Text & "', payments.cardnumber='" & eccnumber.Text & _
    "', payments.bankname='" & ebankname.Text & "', payments.checkaccountnumber='" & _
    eaccountnumber.Text & "', payments.checkroutingnumber='" & _
    erouting.Text & "', payments.cardexpirationdate='" & eexpmonth.Text & "/" & _
    eexpireyear.Text & "', payments.cardexpirationmonth='" & _
    eexpmonth.Text & "', payments.cardexpirationyear='" & eexpireyear.Text & _
    "', payments.cardaddress='" & eaddy.Text & "', payments.cardzipcode='" & _
    ezip.Text & "', payments.threedigitnumber='" & ecvv.Text & _
    "' where payments.filenumber='" & TextBox1.Text & "' and paymentstatus='PENDING';"
myconnstringtps = "server=localhost; user id=root; " & _
                  "password=1C0cac0la; database=collectionsmax"
Try
    conntps.Open()
    Try
        mycommand.Connection = conntps
        mycommand.CommandText = Updatepayments
        mycommand.ExecuteNonQuery()
        conntps.Close()
        mycommand.Dispose()
    Catch myerror As MySqlException
        MsgBox("error connecting:" & myerror.Message)
    End Try
Catch myerror As MySqlException
    MsgBox("error connecting:" & myerror.Message)
Finally
    If conntps.State <> ConnectionState.Closed Then conntps.Close()
    MsgBox("Successfully Changed")
End Try

尝试运行代码时,我没有收到任何错误或异常。

我试图将生成的更新查询输出到文本框并通过 mysql management studio 运行代码,它运行良好。所以我很确定这不是将实际查询发送到服务器的问题。

我使用几乎完全相同的代码来插入语句,没有任何问题。

当代码使用上述代码通过我的 VB.net 应用程序运行时,它不会更新数据库。

4

3 回答 3

1

您没有在 MySqlConnection 中设置连接字符串

myconnstringtps = "server=localhost; user id=root; password=1C0cac0la;......"
conntps = New MySqlConnection(myconnstringtps)

除此之外,您需要使用参数化查询来避免字符串中的单引号问题和Sql Injection Attack安全问题

Dim Updatepayments As String = "update payments " & _
    "set payments.payorname=@name," & _
    "payments.cardnumber=@cnum," & _
    "payments.bankname=@bank," & _
    "payments.checkaccountnumber=@actnum," & _
    "payments.checkroutingnumber=@routing," & _
    "payments.cardexpirationdate=@monthyear," & _
    "payments.cardexpirationmonth=@month," & _
    "payments.cardexpirationyear=@year," & _
    "payments.cardaddress=@address," & _
    "payments.cardzipcode=@zip," & _
    "payments.threedigitnumber=@digits " & _
    "where payments.filenumber=@file and paymentstatus='PENDING'"

Dim mycommand As New MySqlCommand(Updatepayments, conntps)
mycommand.Parameters.AddWithValue("@name", epayorname.Text)
mycommand.Parameters.AddWithValue("@cnum", eccnumber.Text)
mycommand.Parameters.AddWithValue("@bank", ebankname.Text)
mycommand.Parameters.AddWithValue("@actnum", eaccountnumber.Text);
mycommand.Parameters.AddWithValue("@routing", erouting.Text)
mycommand.Parameters.AddWithValue("@monthyear", eexpmonth.Text & "/" &  eexpireyear.Text)
mycommand.Parameters.AddWithValue("@month", eexpmonth.Text)
mycommand.Parameters.AddWithValue("@year", eexpireyear.Text)
mycommand.Parameters.AddWithValue("@address", eaddy.Text)
mycommand.Parameters.AddWithValue("@zip", ezip.Text)
mycommand.Parameters.AddWithValue("@digits", ecvv.Text)
mycommand.Parameters.AddWithValue("@file", TextBox1.Text)

其他问题点:您确定您的字段都是字符串类型的吗?您为每个字段传递一个字符串并用单引号将值括起来。如果您的某些字段不是字符串类型,这可能会失败。(尤其是这些字段可能不是字符串类型的payment.cardnumber、payments.checkaccountnumber、payments.cardexpirationmonth、payments.cardexpirationyear、payments.threedigitnumber

于 2012-12-18T22:18:56.637 回答
1

使用命令参数。这使得它更安全(SQL 注入)和更容易处理。

Dim Updatepayments As String = "UPDATE payments SET payments.payorname=@1, " & _
    "payments.cardnumber=@2, ..." & _
    "WHERE payments.filenumber=@11 AND paymentstatus='PENDING';"

mycommand.Parameters.AddWithValue("@1", epayorname.Text);
mycommand.Parameters.AddWithValue("@2", eccnumber.Text);
...

您也可以使用参数名称@epayorname,如 SQL-Server,但某些连接类型(如 ODBC)只允许位置参数。

于 2012-12-18T22:29:27.620 回答
0

红色警报您显然在这里处理信用卡信息,但您却让您自己和您的客户容易受到 SQL 注入攻击!

您在公共 Internet 上发布的代码中也有密码!

(史蒂夫似乎有正确的答案。)

于 2012-12-18T22:22:16.800 回答