我的记录数据库存在问题。点击btnOut时的原因。系统将保存状态= 1 请有人帮助我。按钮设置数字。这是代码,请检查是否有任何错误。谢谢。
我正在使用vb 2008和databse mysql
表1
Private Sub btnIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnIn.Click
Const btnIn As Integer = 1
Form1.Show()
End Sub'
Private Sub btnOut_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnOut.Click
Const btnO As Integer = 0
Form1.Show()
End Sub
表格2
Private Sub btnD_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnD.Click
Dim command As MySqlCommand
command = New MySqlCommand
Const btnO As Integer = 0
Const btnI As Integer = 1
command.CommandText = "SEARCH INTO visitor WHERE nokp VALUES ('" & TextBox1.Text & "')"
If TextBox1.Text = "Masukkan No.I/C Anda" Or TextBox1.Text = "" Then
MessageBox.Show("Sila Masukkan No Kad Pengenalan Anda", "Mesej", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
Else
If btnO = 0 Then
command.Connection = conn
tkhupd = Now.ToString("yyyy-MM-dd HH:mm:tt")
command.CommandText = "INSERT INTO visitor(nok,tkhupd,status)VALUES ('" & TextBox1.Text & "','" & tkhupd & "','" & 1 & "' )"
MessageBox.Show("ok")
command.ExecuteNonQuery()
TextBox1.ResetText()
Else
If btnO = 0 Then
command.Connection = conn
tkhupd = Now.ToString("yyyy-MM-dd HH:mm:tt")
command.CommandText = "INSERT INTO visitor(nok,tkhupd,status)VALUES ('" & TextBox1.Text & "','" & tkhupd & "','" & 1 & "' )"
MessageBox.Show("ok Out")
command.ExecuteNonQuery()
TextBox1.ResetText()
End If
End If
End If
Exit Sub
End Sub
答案 0 :(得分:0)
我不想这么说,但是代码中有这么多错误。甚至不让我开始使用sql注入漏洞(现在,你只是要求被黑客攻击)。不,我会更加基本。从样本中查看这两行:
Const btnO As Integer = 0
'...
If btnO = 0 Then
'...
Else
'...
End If
btnO是常量。它无法改变。 总是为0.因此,你的If / Then检查只是玩傻:它总是如此。你放在Else块中的任何东西都是毫无价值的:代码可以从不运行。