0

我正在尝试为我的程序创建一个更新语句,该语句将根据用户输入的数据使用 SQL 更新数据库,不幸的是我遇到的问题是我一次只能更新一个,有时它们都不起作用。如果可以提供任何帮助,将不胜感激。

Private Sub btnsave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnsave.Click

    Dim con As New OleDb.OleDbConnection

    Dim d1 As New OleDb.OleDbDataAdapter
    Dim d2 As New OleDb.OleDbDataAdapter
    Dim d3 As New OleDb.OleDbDataAdapter
    Dim d4 As New OleDb.OleDbDataAdapter
    Dim d5 As New OleDb.OleDbDataAdapter
    Dim d6 As New OleDb.OleDbDataAdapter
    Dim d7 As New OleDb.OleDbDataAdapter
    Dim d8 As New OleDb.OleDbDataAdapter
    Dim d9 As New OleDb.OleDbDataAdapter
    Dim d10 As New OleDb.OleDbDataAdapter

    Dim dt As New DataTable("Animals")

    'uses the 2010 compatible connection string
    con.ConnectionString = "PROVIDER=Microsoft.ACE.OLEDB.12.0;Data Source = h:\Animals.accdb"
    con.Open()

    MsgBox("UPDATE Animals SET LatinName = '" & latintxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'")
    d1 = New OleDb.OleDbDataAdapter("UPDATE Animals SET LatinName = '" & latintxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d2 = New OleDb.OleDbDataAdapter("UPDATE Animals SET LocationFound = '" & locationtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d3 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageHeight = '" & heighttxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d4 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageWeight = '" & weighttxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d5 = New OleDb.OleDbDataAdapter("UPDATE Animals SET DietaryNeeds = '" & diettxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d6 = New OleDb.OleDbDataAdapter("UPDATE Animals SET ConservationStatus = '" & statustxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d7 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageLifeSpan = '" & lifetxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d8 = New OleDb.OleDbDataAdapter("UPDATE Animals SET BreedingSeason = '" & breedtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d9 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageLength = '" & lengthtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d10 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AnimalName = '" & nametxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)

    d1.Fill(dt)
    d2.Fill(dt)
    d3.Fill(dt)
    d4.Fill(dt)
    d5.Fill(dt)
    d6.Fill(dt)
    d7.Fill(dt)
    d8.Fill(dt)
    d9.Fill(dt)
    d10.Fill(dt)

    con.Close()

End Sub
4

2 回答 2

1

您的功能非常低效。您应该使用OleDB.OleDBCommand's 而不是数据适配器。数据适配器主要用于从数据库中获取数据而不是更新数据库。您可以使用它们来更新数据,但不能按照您的方式更新。

尝试将您的功能更改为如下所示:

Using cn As New OleDbConnection(YOURCONNECTIONSTRING)
    Dim cSQL As String = "THIS WILL BE YOUR SQL"
    Dim cmd As New OleDbCommand(cSQL, cn)
    Try
        If cn.State <> ConnectionState.Open Then cn.Open()
        cmd.ExecuteNonQuery()

        'Now reset cSQL to your second SQL string and recreate your OleDbCommand with the new string.'
        cSQL = "NEW SQL STRING"
        cmd = New OleDbCommand(cSQL, cn)
        cmd.ExecuteNonQuery()

        'Now repeat your process as many times as you like.'
    Catch ex As Exception
        'Handle any errors here.'
    End Try
End Using

话虽如此,您应该像其他人提到的那样对所有输入使用命令参数。这有点高级,你应该在自己的时间谷歌周围自学如何做到这一点。有大量的教程可以引导您完成整个过程。一旦你学会了如何使用这些参数,你就可以很好地保护你未来的项目免受黑客和恶意用户的攻击。

于 2013-04-08T21:03:18.780 回答
0

实际的 sql 可能类似于:

update yourtable
set field1 = something
, field2 = something else
etc

您对 .net 代码所要做的就是创建一个类似的字符串。另外,使用查询参数。

于 2013-04-08T19:21:58.053 回答