0

我正在尝试为我的程序创建一个更新语句,该语句将根据用户输入的数据使用 SQL 更新数据库,不幸的是我遇到的问题是我一次只能更新一列,有时它们都不起作用。我知道这个功能非常基本,对攻击不是很安全,但这是我正在做的一个小项目。不幸的是,我只有基本的编程技能,所以我无法让这部分工作。如果可以提供任何帮助,将不胜感激。

Private Sub btnsave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnsave.Click

    Dim con As New OleDb.OleDbConnection

    Dim d1 As New OleDb.OleDbDataAdapter
    Dim d2 As New OleDb.OleDbDataAdapter
    Dim d3 As New OleDb.OleDbDataAdapter
    Dim d4 As New OleDb.OleDbDataAdapter
    Dim d5 As New OleDb.OleDbDataAdapter
    Dim d6 As New OleDb.OleDbDataAdapter
    Dim d7 As New OleDb.OleDbDataAdapter
    Dim d8 As New OleDb.OleDbDataAdapter
    Dim d9 As New OleDb.OleDbDataAdapter
    Dim d10 As New OleDb.OleDbDataAdapter

    Dim dt As New DataTable("Animals")

    'uses the 2010 compatible connection string
    con.ConnectionString = "PROVIDER=Microsoft.ACE.OLEDB.12.0;Data Source = h:\Animals.accdb"
    con.Open()

    MsgBox("UPDATE Animals SET LatinName = '" & latintxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'")
    d1 = New OleDb.OleDbDataAdapter("UPDATE Animals SET LatinName = '" & latintxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d2 = New OleDb.OleDbDataAdapter("UPDATE Animals SET LocationFound = '" & locationtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d3 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageHeight = '" & heighttxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d4 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageWeight = '" & weighttxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d5 = New OleDb.OleDbDataAdapter("UPDATE Animals SET DietaryNeeds = '" & diettxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d6 = New OleDb.OleDbDataAdapter("UPDATE Animals SET ConservationStatus = '" & statustxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d7 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageLifeSpan = '" & lifetxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d8 = New OleDb.OleDbDataAdapter("UPDATE Animals SET BreedingSeason = '" & breedtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d9 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageLength = '" & lengthtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
    d10 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AnimalName = '" & nametxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)

    d1.Fill(dt)
    d2.Fill(dt)
    d3.Fill(dt)
    d4.Fill(dt)
    d5.Fill(dt)
    d6.Fill(dt)
    d7.Fill(dt)
    d8.Fill(dt)
    d9.Fill(dt)
    d10.Fill(dt)

    con.Close()

End Sub
4

1 回答 1

2

要执行更新命令,您可以编写一条语句并使用OleDbCommandExecuteNonQuery方法。

Dim cmdText As String = "UPDATE Animals SET LatinName=?,LocationFound=?,AverageHeight=?," + 
                 "AverageWeight = ?, DietaryNeeds = ?, ConservationStatus = ?, " + 
                 "AverageLifeSpan = ?, BreedingSeason = ?, AverageLength = ? " +
                 "WHERE AnimalName = ?"

Using con = new OleDbConnection("PROVIDER=Microsoft.ACE.OLEDB.12.0;Data Source = h:\Animals.accdb")
Using cmd = new OleDbCommand(cmdText, con)
    con.Open()
    cmd.Parameters.AddWithValue("@p1",latintxt.Text)
    cmd.Parameters.AddWithValue("@p2",locationtxt.Text)
    cmd.Parameters.AddWithValue("@p3",heighttxt.Text)
    cmd.Parameters.AddWithValue("@p4",weighttxt.Text)
    cmd.Parameters.AddWithValue("@p5",diettxt.Text)
    cmd.Parameters.AddWithValue("@p6",statustxt.Text)
    cmd.Parameters.AddWithValue("@p7",lifetxt.Text)
    cmd.Parameters.AddWithValue("@p8",breedtxt.Text)
    cmd.Parameters.AddWithValue("@p9",lengthtxt.Text)
    cmd.Parameters.AddWithValue("@p10",nametxt.Text)
    cmd.ExecuteNonQuery()
End Using
End Using

有几个问题需要注意,这可能会导致更新失败。
首先,所有参数值都是字符串类型,这可能是您的主要问题。如果数据库字段不是文本类型,那么您需要将这些值转换为适当的类型。
例如,如果字段AverageHeight是数字(双精度),则参数应写为: 

cmd.Parameters.AddWithValue("@p3",Convert.ToDouble(heighttxt.Text))

当然,heighttxt 中的文本应该可以转换为 double。

第二个问题是用于查找要更新的记录的参数的内容。
在您的查询中,该字段被命名AnimalName,您使用 搜索记录Form1.txtname.Text,但在相同的查询文本中,您尝试使用 更新 WHERE 子句中使用的相同字段nametxt.Text。从逻辑上讲,这两个字段包含相同的值,因此您只需要一个参数。

最后一点要记住,在 OleDb 中,参数不是通过它们的名称来识别的,而是通过它们在命令文本中的位置来识别的。所以要注意参数添加到参数集合中的正确顺序

于 2013-04-13T20:41:14.130 回答