vb.net在组合框中的值(int)中添加值(int)

时间:2014-03-11 11:07:47

标签: mysql vb.net combobox

vb.net在组合框中的值(int)中添加值(int)来自组合框

我试图在选民点击提交按钮时在数据库中添加投票,但它不起作用,投票部分似乎没有添加,看起来像查询不起作用

我的数据库架构:

| cid | cpos | cfname | cmname | clname | cyr | cparty | votes | | 1 | President | john | ark | smith | 3 | glory | | 

Imports MySql.Data.MySqlClient
Public Class Form4

Dim con As New MySqlConnection
Dim cmd As New MySqlCommand
Dim da As New MySqlDataAdapter
Private Sub Form4_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    con.ConnectionString = ("server=localhost;user id=root;database=db")
    Try
        con.Open()

        With cmd
            .Connection = con
            .CommandText = "SELECT CONCAT_WS(' ', cid, cfname, cmname, clname, cparty) as cid, " & _
                           "cpos, cid from candidate WHERE cpos='Vice President'"
        End With
        Dim dt As New DataTable

        da.SelectCommand = cmd
        da.Fill(dt)
        With ComboBox1
            Dim dv1 = New DataView(dt, "cpos='Vice President'", "", DataViewRowState.CurrentRows)
            .DisplayMember = "cid"
            .ValueMember = "cid"
            .DataSource = dv1
        End With
    Catch ex As Exception
        MsgBox(ex.Message)
    End Try
    con.Close()
End Sub

Private Sub cmdsubmit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdsubmit.Click
    Dim Query As String
    Query = "Update candidate SET votes = votes + 1 WHERE cid = '" & ComboBox1.SelectedItem(0).ToString & "')"

    Dim cmd As MySqlCommand = New MySqlCommand(Query, con)

    Try
        cmd.ExecuteNonQuery()
    Catch ex As Exception
    End Try
    Dim ds As New DataSet
    Dim dt As New DataTable

    da.Update(dt)
    MessageBox.Show("Query Completed")
    con.Close()
End Sub
End Class

1 个答案:

答案 0 :(得分:0)

您在查询结尾处不需要紧密的括号

 Query = "Update candidate SET votes = votes + 1 " & _ 
         "WHERE cid = '" & ComboBox1.SelectedItem(0).ToString & "'"

如果您不接受此异常,则应该非常容易注意到此错误 不要创建空Try/Catch块,至少打印异常捕获的错误消息

Try
     cmd.ExecuteNonQuery()
 Catch ex As Exception
     MessageBox.Show(ex.Message)
 End Try

然而,虽然在这种情况下没有Sql注入的真正危险,我仍然建议使用参数化查询。 

con.Open()
Query = "Update candidate SET votes = votes + 1 WHERE cid = @id"
Dim cmd As MySqlCommand = New MySqlCommand(Query, con)
cmd.Parameters.AddWithValue("@id", ComboBox1.SelectedItem(0).ToString)
Try
    cmd.ExecuteNonQuery()
Catch ex As Exception
     MessageBox.Show(ex.Message)
End Try
con.Close()

' remove the subsequent lines with the adapter because they are useless

最后一点,您确定数据表字段cid是字符串吗?如果是数字,则需要将此处传递的值转换为整数,否则可能会出现数据类型不匹配错误。

编辑如果出现错误消息,很明显连接已被上一个命令关闭,因此命令无法使用。在此上下文中,我建议删除保持对连接的引用的全局对象,并在需要时始终创建连接对象,并在使用后立即关闭它。 Using Statement非常适合这种情况

Query = "Update candidate SET votes = votes + 1 WHERE cid = @id"
Using con = new MySqlConnection("server=localhost;user id=root;database=db")
Using cmd = New MySqlCommand(Query, con)
    con.Open()
    cmd.Parameters.AddWithValue("@id", ComboBox1.SelectedItem(0).ToString)
    Try
        cmd.ExecuteNonQuery()
     Catch ex As Exception
        MessageBox.Show(ex.Message)
     End Try
 End Using
 End Using
相关问题
最新问题