2

我正在添加这样的记录:

    Dim pathString As String = HttpContext.Current.Request.MapPath("Banking.mdb")
    Dim odbconBanking As New OleDbConnection _
             ("Provider=Microsoft.Jet.OLEDB.4.0;" & _
             "Data Source=" + pathString)
    Dim sql As String
    sql = "INSERT INTO tblUsers ( FirstName, LastName, Address, City, Province, Zip, Phone, UserName, [Password])" & _
              " VALUES ('" & firstName & "', '" & lastName & "', '" & address & _
            "', '" & city & "', '" & province & "', '" & zip & "', '" & phone & "', '" & username & "', '" & password & "');"
    odbconBanking.Open()
    Dim cmd As New OleDbCommand(sql, odbconBanking)
    cmd.ExecuteNonQuery()
    odbconBanking.Close()

主键是一个名为 UserID 的自动编号字段。那么,如何获取刚刚插入的记录的主键呢?

谢谢。

4

5 回答 5

5

我相信参数化查询看起来像这样:

Dim pathString As String = HttpContext.Current.Request.MapPath("Banking.mdb")
Dim odbconBanking As New OleDbConnection _
     ("Provider=Microsoft.Jet.OLEDB.4.0;" & _
     "Data Source=" + pathString)
Dim sql As String
sql = "INSERT INTO tblUsers ( FirstName, LastName, Address, City, Province, Zip, Phone, UserName, [Password])" & _
      " VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?);"
odbconBanking.Open()
Dim cmd As New OleDbCommand(sql, odbconBanking)

//Add Params here
cmd.Parameters.Add(new OdbcParameter("@FirstName", firstName))
cmd.Parameters.Add(new OdbcParameter("@LastName", lastName))
//..etc

//End add Params here

cmd.ExecuteNonQuery()
Dim newcmd As New OleDbCommand("SELECT @@IDENTITY", odbconBanking)
uid = newcmd.ExecuteScalar

odbconBanking.Close()

我的语法可能有点偏离,因为我更习惯于使用 Sql Server 库而不是 Odbc 库,但这应该可以帮助您入门。

于 2008-12-06T05:41:08.067 回答
4

"SELECT @@IDENTITY"插入后应与 Microsoft.Jet Provider 一起使用。

于 2008-12-06T03:57:49.867 回答
2

你会想要添加

;select scope_identity();

查询后,运行 executeScalar 以取回值。

另外,在一个完全不相关的注释中,您确实应该更改代码以使用参数化查询,这样您就不会陷入 SQL 注入攻击,或者由于连接到您的 sql 语句中的不正确转义字符串而导致崩溃。

于 2008-12-06T03:58:08.773 回答
2

知道了。上面的代码现在是这样的:

    Dim pathString As String = HttpContext.Current.Request.MapPath("Banking.mdb")
    Dim odbconBanking As New OleDbConnection _
             ("Provider=Microsoft.Jet.OLEDB.4.0;" & _
             "Data Source=" + pathString)
    Dim sql As String
    sql = "INSERT INTO tblUsers ( FirstName, LastName, Address, City, Province, Zip, Phone, UserName, [Password])" & _
              " VALUES ('" & firstName & "', '" & lastName & "', '" & address & _
            "', '" & city & "', '" & province & "', '" & zip & "', '" & phone & "', '" & username & "', '" & password & "');"
    odbconBanking.Open()
    Dim cmd As New OleDbCommand(sql, odbconBanking)
    cmd.ExecuteNonQuery()
    Dim newcmd As New OleDbCommand("SELECT @@IDENTITY", odbconBanking)
    uid = newcmd.ExecuteScalar

    odbconBanking.Close()
于 2008-12-06T04:05:41.927 回答
1

最简单的方法是在代码级别生成您的 uniqueIdentifier 值,将其添加到您的字符串并将其发送到服务器。

Dim sql As String, _
    myNewUserId as variant

myNewUserId = stGuidGen    'this function will generate a new GUID value)'
sql = "INSERT INTO tblUsers ( userId, LastName)" & _
      " VALUES ('" & myNewUserId & "','" & LastName);"

您可以在此处查看stGuidGen guid 生成代码的建议。

这种客户端技术清晰、干净且有用

于 2008-12-06T15:54:54.660 回答