0

好的,所以我正在为 VB.net II 做我的最后一个项目。我为酒店住宿情况创建了一个项目,并且一切正常。但是,我需要帮助来添加一些东西。

我把它送到你的新客人/客户或回头客的地方。如果您是新的,当您提交表单时,它会将客户信息添加到数据库中。我的 Access 数据库有 2 个表:CustomerCustomerStays

现在,它们的主键是一个名为:CustomerID的字段 ,它们在数据库本身中具有联系在一起的关系。

Customer 表的字段包括:CustomerIDCustomerNameCustomerAddressCustomerZipcodeCustomerTagNumber

CustomerStays 表的字段包括:CustomerIDCustomerDateInCustomerDateOutTotalDays

这是我的主要形式的图像:主表格

当他们点击total for stay时,这里是通过它的代码

 Private Sub TotalForStayBtn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles TotalForStayBtn.Click

    ErrorChecking() 'Sub routine that checks for errors

    If YourGood = True Then 'Only good if you pass the error check

        '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ''''''''''''''''ADDING CUSTOMER INFORMATION TO THE DATABASE''''''''''''''''
        '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

        If ExistingCustomer = False Then

            Try

                myconnection.Open()

                Dim str As String

                str = "SELECT * FROM Customer WHERE CustomerTagNumber='" & CustomerTagNumbertxt.Text & "'"

                Dim cmd As OleDbCommand = New OleDbCommand(str, myconnection)

                dr = cmd.ExecuteReader

                If dr.Read Then

                    If MsgBox("That license plate tag number already exists. Are you an existing customer?", MsgBoxStyle.YesNo) = MsgBoxResult.Yes Then

                        ReturningCustomerLookup.Show()
                        Me.Close()

                    ElseIf MsgBoxResult.No Then

                        MessageBox.Show("Please re-enter your own license plate tag number and verify that it is entered correctly.")

                    End If

                Else

                    str = "INSERT INTO Customer (CustomerName, CustomerAddress, CustomerZip, CustomerTagNumber)" _
                        & " VALUES ('" & CustomerNametxt.Text & "','" _
                        & CustomerAddresstxt.Text & "','" _
                        & CustomerZipCodetxt.Text & "','" _
                        & CustomerTagNumbertxt.Text & "')"

                    cmd = New OleDbCommand(str, myconnection)
                    cmd.ExecuteNonQuery()
                    MessageBox.Show("Your information has been successfully added to the database", "Successful")

                    '''''''CALCULATING THE TOTAL'''''''
                    CalculateTotal()
                    '''''END CALCULATING THE TOTAL'''''

                    '''''''ADDING DATES INFO TO DATABASE'''''''
                    **CustomerStaysInsertion()**
                    '''''END ADDING DATES INFO TO DATABASE'''''

                End If

            Catch ex As Exception
                MessageBox.Show("There was an error inserting your information into the database" _
                                & vbCrLf & vbCrLf & "Original Error: " & ex.ToString, _
                                "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
            Finally
                myconnection.Close()
            End Try

            '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
            ''''''''''''''END ADDING CUSTOMER INFORMATION TO THE DATABASE''''''''''''''
            '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

        Else

            '''''''CALCULATING THE TOTAL'''''''
            CalculateTotal()
            '''''END CALCULATING THE TOTAL'''''

        End If

    End If

End Sub

现在我的问题是CustomerStays信息。它运行子例程,我想要它做的是使用客户的信息来获取Customer表中的CustomerID,并将 AS CustomerID连同他们签入和签出的日期以及总数一起放在CustomerStays表中停留的天数。

基本上,我需要它将所有这些信息与属于当前住在酒店的客户的 CustomerID 一起插入。

附加信息:

一些控件的名称:

日期输入 - DateInPicker

约会 - DateOutPicker

总天数 - TotalDayslbl

4

1 回答 1

1

首先,如果尚未设置,则需要将表CustomerID上的设置为,因此它的值会自动为您生成。CustomerAutonumber

然后,假设您的 Customer 表中没有并发插入,您可以在插入新客户的 ExecuteNonQuery 之后获取执行以下 OleDbCommand 的最后插入的自动编号,

    cmd.ExecuteNonQuery()
    cmd.CommandText = "SELECT @@IDENTITY"
    Dim result = Convert.ToInt32(cmd.ExecuteScalar())

那么该变量result应该在 Customer 表的 CustomerID 列中具有最后插入的值。

话虽如此,请接受建议以更改向数据库发出 sql 命令的方式。字符串连接确实是一种不好的做法,应该不惜一切代价避免。
举个例子,如果调用了 Customer,你的代码会发生什么John O'Hara?注意到单引号了吗?当您连接文本框中的字符串时,您的查询文本将导致错误的 sql 语句。但这只是语法错误,最糟糕的是这里描述的 Sql Injection 场景

这是一个如何编写插入查询的示例(但它适用于您需要使用malicious用户键入的文本的每个查询)

str = "INSERT INTO Customer (CustomerName, CustomerAddress, CustomerZip, CustomerTagNumber)" _
                    & " VALUES (?,?,?,?)"
cmd = New OleDbCommand(str, myconnection)
cmd.Parameters.AddWithValue("@p1", CustomerNametxt.Text)
cmd.Parameters.AddWithValue("@p2", CustomerAddresstxt.Text)
cmd.Parameters.AddWithValue("@p3", CustomerZipCodetxt.Text)
cmd.Parameters.AddWithValue("@p4", CustomerTagNumbertxt.Text)
cmd.ExecuteNonQuery()

通过这种方式,单引号的问题由框架代码解决,这也避免了 Sql Injection 的混乱。

编辑
对于 CustomerStays 字段(日期时间),请改用此

       Dim str As String
        str = "INSERT INTO CustomerStays (CustomerID, CustomerDateIn, CustomerDateOut, TotalDays)" _
                        & " VALUES (?,?,?,?)"

        Dim cmd As OleDbCommand = New OleDbCommand(str, myconnection)
        cmd.Parameters.AddWithValue("@p1", result)
        cmd.Parameters.AddWithValue("@p2", Convert.ToDateTime(DateInPicker.Value)
        cmd.Parameters.AddWithValue("@p3", Convert.ToDateTime(DateOutPicker.Value)
        cmd.Parameters.AddWithValue("@p4", TotalDayslbl.Text)
        cmd.ExecuteNonQuery()

如果 TotalDays 是数字 Convert.ToInt32(TotalDayslbl.Text) .....

于 2013-04-23T16:39:57.007 回答