0

i have this code made by myself researching, it returns no error, it update(s) some of the data entered in textboxes but not all the fields

i check the codes near the field that is updating to compare it to the textboxes that do not update.

but i dont see the difference, it just not update all fields, only some fields

   Dim sqlconn As New SqlClient.SqlConnection
    sqlconn.ConnectionString = "server = SKPI-APPS1;" & _
    "Database = EOEMS;integrated security=true"

    Dim myCommand As SqlCommand
    Try

        'update command
        sqlconn.Open()

        myCommand = New SqlCommand(
          "UPDATE tblOfficeEquipmentProfile SET OE_Category = '" & cmbCategory.Text
& "',OE_SubCategory = '" & cmbSubCategory.Text
& "', OE_Name = '" & txtName.Text
& "', OE_User = '" & txtUser.Text
& "', OE_Brand = '" & cmbBrand.Text
& "', OE_Model = '" & cmbModel.Text
& "', OE_Specs = '" & txtSpecs.Text
& "', OE_SerialNo = '" & txtSerialNo.Text
& "', OE_PropertyNo = '" & txtPropertyNo.Text
& "', OE_MacAddress = '" & txtMacAddress.Text
& "', OE_Static_IP = '" & txtStaticIp.Text
& "', OE_Vendor = '" & cmbVendor.Text
& "', OE_PurchaseDate = '" & txtPurchaseDate.Text
& "', OE_WarrantyInclusiveYear = '" & cmbWarrantyInclusiveYear.Text
& "', OE_WarrantyStatus = '" & txtWarrantyStatus.Text
& "', OE_Status = '" & txtStatus.Text
& "', OE_Dept_Code = '" & cmbDeptCode.Text
& "', OE_Location_Code = '" & cmbLocationCode.Text
& "', OE_Remarks ='" & cmbRemarks.Text
& "' WHERE OE_ID = '" & txtOEID.Text & "'", sqlconn)
' ^^  (edited to separate lines for ease of viewing )
        myCommand.ExecuteNonQuery()
        MessageBox.Show("Office Equipment Profile Successfully Updated Records")
    Catch ex As Exception
        MsgBox(ex.Message)
    End Try
4

1 回答 1

0

一些故障排除建议:

尝试这样的模式:

        Dim SQL As String = "UPDATE STaff Set Initials='RCH' WHERE Initials = 'RCH'"
        myCommand = New SqlCommand(SQL, sqlconn)
        Dim iCnt As Integer = myCommand.ExecuteNonQuery()
        MessageBox.Show("Office Equipment Profile Successfully Updated " & iCnt & " Records")

在第二行放置一个断点并使用 Text Visualizer 查看 SQL。您也可以复制它并在其他一些查询工具中使用它来处理它并查找错误。

此外,捕获更改的记录数(上面的 iCnt)并进行一些 QA 和/或调试。

注入:虽然您的项目可能不会受到注入攻击,但您可以通过不确保 .Text 值不会破坏 SQL 来踩到自己。例如,如果任何 .Text 包含撇号,则 SQL 将失败。您可以编写一个函数来将 ' 替换为 '' 并且您会很安全。

或者每个:OE_Location_Code = '" & cmbLocationCode.Text.replace("'","''")

这会将“Fred's Room”转换为“Fred's Room”

于 2013-04-11T21:09:41.230 回答