0

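I have a VB.Net form which allows the user to update customer details such as name, contact number, etc. So when the customer enters a new name for the customer name etc., the application should update the corresponding field in the existing entry associated with the customer ID.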

Dim cn As New SqlConnection
Dim cmd As New SqlCommand
Dim adapter As New SqlDataAdapter
Dim dt As New DataTable

cn.ConnectionString = ("Data Source=NIMO-HP\SQLEXPRESS;Initial Catalog=FYP_db;Integrated Security=True")
cmd.Connection = cn
cn.Open()

cmd.CommandText = " UPDATE TblCustomerDetails (compID, compName, compContact, compAddress, compFax, compEmail, compPayterm, compTaxscheme, compPaymode, compRemarks ) SET Values ('" & lblCID.Text & "', '" & txtCname.Text & "', '" & txtCpno.Text & "', '" & txtCaddrs.Text & "','" & txtCfax.Text & "', '" & txtCemail.Text & "', '" & cmbPterm.Text & "','" & cmbTaxschm.Text & "',' " & cmbPmode.Text & "', '" & txtRemarks.Text & "')  WHERE compID = '" & lblCID.Text & "';"

cmd.ExecuteNonQuery()
MsgBox("Account updated!!", MsgBoxStyle.Information, "Updation complete")

2 Answers

0

You're using INSERT syntax for an UPDATE statement. Your UPDATE statement should have the form:

UPDATE tableName
SET    col1 = val1,
       col2 = val2,
       col3 = val3
WHERE  someColumn = someValue

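Additionally, you are open to SQL injection attacks by using non-parameterized queries. Finally, I would use a Using block to ensure your connection and command are properly closed and disposed.

Putting it all together, it would look something like this: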

' Requires: Imports System.Data.SqlClient (at the top of the file)
Using cn As SqlConnection = New SqlConnection("Data Source=NIMO-HP\SQLEXPRESS;Initial Catalog=FYP_db;Integrated Security=True")

    cn.Open()

    Dim sqlQuery As String = "UPDATE TblCustomerDetails " + _
                             "SET compName = @compName, " + _
                             "compContact = @compContact, " + _
                             "compAddress = @compAddress, " + _
                             "compFax = @compFax, " + _
                             "compEmail = @compEmail, " + _
                             "compPayterm = @compPayterm, " + _
                             "compTaxscheme = @compTaxscheme, " + _
                             "compPaymode = @compPaymode, " + _
                             "compRemarks = @compRemarks " + _
                             "WHERE compID = @compID"

    Using cmd As SqlCommand = New SqlCommand(sqlQuery, cn)

        ' Each value is bound as a parameter, so it is never parsed as SQL text
        cmd.Parameters.AddWithValue("@compName", txtCname.Text)
        cmd.Parameters.AddWithValue("@compContact", txtCpno.Text)
        cmd.Parameters.AddWithValue("@compAddress", txtCaddrs.Text)
        cmd.Parameters.AddWithValue("@compFax", txtCfax.Text)
        cmd.Parameters.AddWithValue("@compEmail", txtCemail.Text)
        cmd.Parameters.AddWithValue("@compPayterm", cmbPTerm.Text)
        cmd.Parameters.AddWithValue("@compTaxscheme", cmbTaxschm.Text)
        cmd.Parameters.AddWithValue("@compPaymode", cmbPmode.Text)
        cmd.Parameters.AddWithValue("@compRemarks", txtRemarks.Text)
        cmd.Parameters.AddWithValue("@compID", lblCID.Text)

        Dim result As Integer

        result = cmd.ExecuteNonQuery()

        If result = 1 Then
            MsgBox("Account updated!!", MsgBoxStyle.Information, _
                   "Updation complete")
        Else
            MsgBox("Account not updated!!", MsgBoxStyle.Information, _
                   "Updation not complete")
        End If
    End Using
End Using

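A few other things to note in the code sample above:

First, I removed compID from the list of values to update. You're using it in your WHERE query, so I think you'd have interesting results in your query if you tried to update the same column you're using as part of your WHERE clause. Also, the source of that value is a Label, which tells me it's not supposed to be changed.

Second, ExecuteNonQuery() returns an int with the number of rows affected. In this case, it should be 1 - if it's not 1, I have you showing a different message box.

Third, cmbPTerm, cmbTaxschm and cmbPmode sound like ComboBoxes to me, and you're not going to get what I think you're expecting by using their Text property. I think you'll want SelectedText - hard to say without knowing how your ComboBoxes are bound. I'll leave that as an exercise for you :)

Fourth, I broke the UPDATE query up across several lines for readability - you don't have to do it that way, as long as the query is correct.

Finally, I'd suggest using MessageBox.Show() vs MsgBox.

answered 2013-07-06T21:49:33.210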
0
    Dim cnn As New SqlConnection
    Dim cmd As New SqlCommand

    cnn.ConnectionString = ("Data Source=NIMO-HP\SQLEXPRESS;Initial Catalog=FYP_db;Integrated Security=True")
    cmd.Connection = cnn
    cnn.Open()
    cmd.CommandText = "update TblCustomerDetails set compName='" & txtCname.Text & "' , compContact = '" & txtCpno.Text & "' , compAddress = '" & txtCaddrs.Text & "' , compFax = '" & txtCfax.Text & "' , compEmail = '" & txtCemail.Text & "' , compPayterm = '" & cmbPterm.Text & "' , compTaxscheme = '" & cmbTaxschm.Text & "' , compPaymode = '" & cmbPmode.Text & "' , compRemarks = '" & txtRemarks.Text & "' where compID = '" & lblCID.Text & "'"
    cmd.ExecuteNonQuery()
    cnn.Close()
    MessageBox.Show("entry updated!!!")
answered 2013-07-07T14:55:43.633
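
Added example (not code from either answer): the difference between splicing form text into the UPDATE string and binding it as parameters, run against Python's built-in sqlite3 in-memory database as a stand-in for SQL Server so it works offline. The table is cut down to three columns, the rows and input strings are constructed, and :compName is SQLite's spelling of the @compName placeholder.

```python
import sqlite3

# Constructed sample rows; an in-memory SQLite table stands in for SQL Server.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE TblCustomerDetails "
               "(compID TEXT PRIMARY KEY, compName TEXT, compRemarks TEXT)")
    db.executemany("INSERT INTO TblCustomerDetails VALUES (?, ?, ?)",
                   [("C001", "Acme", ""), ("C002", "Globex", ""),
                    ("C003", "Initech", "")])
    return db

def update_concatenated(db, comp_id, name):
    """Form-field text spliced into the SQL string (the pattern to avoid)."""
    sql = ("UPDATE TblCustomerDetails SET compName = '" + name +
           "' WHERE compID = '" + comp_id + "'")
    return db.execute(sql).rowcount

def update_parameterized(db, comp_id, name):
    """Values travel separately from the SQL text, so they stay data."""
    sql = ("UPDATE TblCustomerDetails SET compName = :compName "
           "WHERE compID = :compID")
    return db.execute(sql, {"compName": name, "compID": comp_id}).rowcount

def names(db):
    return [row[0] for row in db.execute(
        "SELECT compName FROM TblCustomerDetails ORDER BY compID")]

def compare(name):
    """Run both variants on fresh tables.

    Returns [(rows affected or error name, resulting compName column), ...]
    for the concatenated and then the parameterized update of customer C001.
    """
    results = []
    for update in (update_concatenated, update_parameterized):
        db = make_db()
        try:
            rows = update(db, "C001", name)
        except sqlite3.Error as exc:
            rows = type(exc).__name__
        results.append((rows, names(db)))
    return results

if __name__ == "__main__":
    # Constructed inputs: plain text, a legitimate apostrophe, a quote plus comment marker.
    for sample in ("Acme Ltd", "O'Brien & Sons", "X' --"):
        print(repr(sample), compare(sample))
```

With the concatenated form, the second input fails with a syntax error and the third silently rewrites every row; the parameterized form stores both strings literally and affects exactly one row, which is what the rows-affected check in the first answer verifies.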