
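I am building a work management system, and I am still very new to Visual Basic.

What I want to do is retrieve the name of the employee with a given ID from the database. After that, I want this name to be displayed in a label. After that, he can press the work-start or work-end button.

Here is the code: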

Private Function employeeSearchwithID(PersonalNr As String) As String

    Dim mitarbeiter As String
    Dim r As DataRow

    Access.ExecQuery("SELECT [Vorname], [Name] from [TA-Personal] WHERE ([Personal_Nr] = '" & PersonalNr & "');")

    'Report and abort on errors or if no records were found
    If NoErros(True) = False Or Access.RecordCount < 1 Then Exit Function

    r = Access.DBDT.Rows(0)

    'Populate Label with Data
    mitarbeiter = r.Item("Vorname") & " " & r.Item("Name")

    Return mitarbeiter

End Function

It is used like this:

Private Sub tbxUserInput_KeyDown(sender As Object, e As KeyEventArgs) Handles tbxUserInput.KeyDown
    If e.KeyCode = Keys.Enter Then 'employeeIDnumbersSelect()
        Label5.Text = employeeSearchwithID(tbxUserInput.ToString)
    End If
End Sub

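So the plan is to have this program run on a tablet connected to a scanner. Every employee will have a personal card. When they scan the card, I want their name to be displayed. Of course, the card will carry the ID. But I am having trouble with the name: when I provide my personal number, it shows up as an empty string.

I have a separate database module. I learned it from a tutorial: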

Imports System.Data.OleDb

Public Class DBControl
    ' DB Connection 
    Public DBCon As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=D:\recycle2000.mdb;")

    'DB Command
    Public DBCmd As OleDbCommand

    'DB Data
    Public DBDA As OleDbDataAdapter
    Public DBDT As DataTable
    'Public Myreader As OleDbDataReader = DBCmd.ExecuteReader

    'Query Parameters
    Public Params As New List(Of OleDbParameter)

    ' Query Stats
    Public RecordCount As Integer
    Public Exception As String

    Public Sub ExecQuery(Query As String)
        'Reset Query Stats
        RecordCount = 0
        Exception = ""

        Try
            'Open a connection
            DBCon.Open()

            'Create DB Command
            DBCmd = New OleDbCommand(Query, DBCon)

            ' Load params into DB Command
            Params.ForEach(Sub(p) DBCmd.Parameters.Add(p))

            ' Clear params list
            Params.Clear()

            ' Execute command & fill Datatable
            DBDT = New DataTable
            DBDA = New OleDbDataAdapter(DBCmd)
            RecordCount = DBDA.Fill(DBDT)

        Catch ex As Exception

            Exception = ex.Message

        End Try

        ' Close your connection
        If DBCon.State = ConnectionState.Open Then DBCon.Close()

    End Sub

    ' Include query & command params
    Public Sub AddParam(Name As String, Value As Object)

        Dim NewParam As New OleDbParameter(Name, Value)
        Params.Add(NewParam)

    End Sub

End Class

1 Answer


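Without knowing about the Access class, I have to recommend a different approach to querying the database. It is important to make sure that the database is not exposed to SQL injection, whether deliberate or accidental. The way to do that is to use what are known as SQL parameters: instead of putting the value in the query string, the value is supplied separately.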

' Requires "Imports System.Data.OleDb" at the top of the file.
Private Function EmployeeSearchwithID(personalNr As String) As String

    Dim mitarbeiter As String = String.Empty

    Dim sql = "SELECT [Vorname], [Name] from [TA-Personal] WHERE [Personal_Nr] = ?;"

    Using conn As New OleDbConnection("your connection string"),
           cmd As New OleDbCommand(sql, conn)

        cmd.Parameters.Add(New OleDbParameter With {.ParameterName = "@PersonalNr",
                                                    .OleDbType = OleDbType.VarChar,
                                                    .Size = 12,
                                                    .Value = personalNr})

        conn.Open()
        Dim rdr = cmd.ExecuteReader()

        If rdr.Read() Then
            mitarbeiter = rdr.GetString(0) & " " & rdr.GetString(1)
        End If

    End Using

    Return mitarbeiter

End Function

Private Sub tbxUserInput_KeyDown(sender As Object, e As KeyEventArgs) Handles tbxUserInput.KeyDown
    If e.KeyCode = Keys.Enter Then 'employeeIDnumbersSelect()
        Dim employeeName = EmployeeSearchwithID(tbxUserInput.Text.Trim())

        If String.IsNullOrEmpty(employeeName) Then
            MessageBox.Show("Not found.", "Problem", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
        Else
            Label5.Text = employeeName
        End If

    End If

End Sub

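The Using statement makes sure that the "unmanaged resources" involved in querying the database are cleaned up afterwards, even if something goes wrong.

You will need to change the values OleDbType.VarChar and .Size = 12 to match the type and size of that column in the database.

The parameter name is only for convenience with OleDb because it is ignored in the actual query, which uses "?" as a placeholder. For full information, see OleDbCommand.Parameters Property.

If it still does not work, then please enter the ID manually in tbxUserInput and see if you can get it to work that way.

Hang on... tbxUserInput.ToString should be tbxUserInput.Text. But everything else I wrote still applies.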

Answered 2020-04-20T13:41:14.907
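
The DBControl class shown in the question already has an AddParam method, so the same parameterized lookup can go through it. The following is an added example, not code from the question or the answer; the module name EmployeeLookup and the function FindEmployeeName are hypothetical, and it assumes the DBControl class exactly as posted above.

```vb
Imports System
Imports System.Data

' Added example, not code from the question or the answer.
' Assumes db is an instance of the DBControl class shown in the question.
Public Module EmployeeLookup

    ' Hypothetical helper: returns "Vorname Name", or String.Empty when no row matches.
    Public Function FindEmployeeName(db As DBControl, personalNr As String) As String

        ' Scanner input can carry surrounding whitespace.
        Dim id As String = If(personalNr, String.Empty).Trim()
        If id.Length = 0 Then Return String.Empty

        ' ExecQuery only clears Params after a successful Open(), so drop
        ' anything left over from an earlier failed call.
        db.Params.Clear()

        ' The value is bound as a parameter and never becomes part of the SQL text.
        ' OleDb binds by position: one AddParam call per "?", in the same order.
        db.AddParam("@PersonalNr", id)
        db.ExecQuery("SELECT [Vorname], [Name] FROM [TA-Personal] WHERE [Personal_Nr] = ?;")

        ' DBControl records the error message instead of throwing.
        If Not String.IsNullOrEmpty(db.Exception) Then
            Throw New InvalidOperationException("Employee lookup failed: " & db.Exception)
        End If

        If db.RecordCount < 1 Then Return String.Empty

        Dim r As DataRow = db.DBDT.Rows(0)

        ' ToString() turns a NULL column (DBNull) into an empty string.
        Return (r("Vorname").ToString() & " " & r("Name").ToString()).Trim()
    End Function

End Module
```

From the KeyDown handler this would be called with the text box's Text property, for example FindEmployeeName(Access, tbxUserInput.Text), where Access is the form's DBControl instance.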