我有这段代码:
Private Sub btnAdd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnAdd.Click
If txtCode.Text <> "878" Then
If ((txtCode.Text <> "") And (txtRefNo.Text <> "") And (txtPayee.Text <> "") And (txtOffice.Text <> "") And (txtAddress.Text <> "") And (txtParticulars.Text <> "") And (txtPPA.Text <> "") And (txtAmount.Text <> "")) Then
Try
If IsNumeric(txtAmount.Text) = False Then
MsgBox("Amount value should be in correct number format! e.g: 10000.00 or 10,000.00", MsgBoxStyle.Exclamation)
Exit Sub
End If
modGlobalFunctions.Connection.Close()
modGlobalFunctions.connectDatabase()
modGlobalFunctions.DateTimeNow = String.Format("{0:yyyy/MM/dd}", DateTime.Now)
Dim Reader As MySqlDataReader
Dim Amount As Double = Double.Parse(txtAmount.Text)
Reader = modGlobalFunctions.executeQuery("SELECT * FROM obligations " & _
"WHERE ref_no='" & txtRefNo.Text & "'")
If Reader.HasRows Then
MessageBox.Show("Could not insert duplicate entries for REFERENCE NO.!", "Form Validations", MessageBoxButtons.OK, MessageBoxIcon.Error)
Reader.Close()
modGlobalFunctions.Connection.Close()
Else
modGlobalFunctions.Connection.Close()
modGlobalFunctions.connectDatabase()
modGlobalFunctions.executeNonQuery("INSERT INTO obligations (resp_id, year_id, expenditure_id, ref_no, payee, office, address, particulars, ppa, amount, date_entered, date_edited, signature1, position1, signature2, position2) " & _
"VALUES ('" & RespCenterId & "', " & _
"'" & YearId & "', " & _
"'" & txtExpId.Text & "', " & _
"'" & modGlobalFunctions.addslashes(txtRefNo.Text) & "', " & _
"'" & modGlobalFunctions.addslashes(txtPayee.Text) & "', " & _
"'" & modGlobalFunctions.addslashes(txtOffice.Text) & "', " & _
"'" & modGlobalFunctions.addslashes(txtAddress.Text) & "', " & _
"'" & modGlobalFunctions.addslashes(txtParticulars.Text) & "', " & _
"'" & modGlobalFunctions.addslashes(txtPPA.Text) & "', " & _
"'" & Amount & "', " & _
"'" & modGlobalFunctions.DateTimeNow & "', " & _
"'" & modGlobalFunctions.DateTimeNow & "', " & _
"'" & Signature1 & "', " & _
"'" & Position1 & "', " & _
"'" & Signature2 & "', " & _
"'" & Position2 & "')")
MsgBox("Record has been added!", MsgBoxStyle.Information)
modGlobalFunctions.Connection.Close()
Me.Close()
Dispose()
frmObligations.MdiParent = frmMain
frmObligations.Show()
frmObligations.obligationLoadGrid()
End If
Catch ex As Exception
MessageBox.Show(ex.Message, "BIMS", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try
Else
MsgBox("Please fill up all form fields!", MsgBoxStyle.Exclamation)
modGlobalFunctions.Connection.Close()
End If
modGlobalFunctions.Connection.Close()
Else
If ((txtCode.Text <> "") And (txtRefNo.Text <> "") And (txtPayee.Text <> "") And (txtOffice.Text <> "") And (txtAddress.Text <> "") And (txtParticulars.Text <> "")) Then
Try
modGlobalFunctions.Connection.Close()
modGlobalFunctions.connectDatabase()
modGlobalFunctions.DateTimeNow = String.Format("{0:yyyy/MM/dd}", DateTime.Now)
Dim Reader As MySqlDataReader
Reader = modGlobalFunctions.executeQuery("SELECT * FROM obligations " & _
"WHERE ref_no='" & txtRefNo.Text & "'")
If Reader.HasRows Then
MessageBox.Show("Could not insert duplicate entries for REFERENCE NO.!", "Form Validations", MessageBoxButtons.OK, MessageBoxIcon.Error)
Reader.Close()
modGlobalFunctions.Connection.Close()
Else
modGlobalFunctions.Connection.Close()
modGlobalFunctions.connectDatabase()
modGlobalFunctions.executeNonQuery("INSERT INTO obligations (resp_id, year_id, expenditure_id, ref_no, payee, office, address, particulars, date_entered, date_edited, signature1, position1, signature2, position2) " & _
"VALUES ('" & RespCenterId & "', " & _
"'" & YearId & "', " & _
"'" & txtExpId.Text & "', " & _
"'" & modGlobalFunctions.addslashes(txtRefNo.Text) & "', " & _
"'" & modGlobalFunctions.addslashes(txtPayee.Text) & "', " & _
"'" & odGlobalFunctions.addslashes(txtOffice.Text) & "', " & _
"'" & modGlobalFunctions.addslashes(txtAddress.Text) & "', " & _
"'" & modGlobalFunctions.addslashes(txtParticulars.Text) & "', " & _
"'" & modGlobalFunctions.DateTimeNow & "', " & _
"'" & modGlobalFunctions.DateTimeNow & "', " & _
"'" & Signature1 & "', " & _
"'" & Position1 & "', " & _
"'" & Signature2 & "', " & _
"'" & Position2 & "')")
MsgBox("Record has been added! You can now add project title!", MsgBoxStyle.Information)
frmProject.MdiParent = frmMain
frmProject.Show()
frmProject.Label2.Text = txtRefNo.Text
Me.Enabled = False
End If
Catch ex As Exception
MessageBox.Show(ex.Message, "BIMS", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try
Else
MsgBox("Please fill up all form fields!", MsgBoxStyle.Exclamation)
modGlobalFunctions.Connection.Close()
End If
modGlobalFunctions.Connection.Close()
End If
End Sub
您认为Signature1,Position1,Signature2和Position2未存储在数据库中的原因是什么?它之前工作正常,直到我把if代码放入类别...顺便说一下这里是signature1,position1,signature2和position2的代码:
Signature1:
Private Sub cbSignatory1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs)
Try
modGlobalFunctions.Connection.Close()
modGlobalFunctions.connectDatabase()
Reader = modGlobalFunctions.executeQuery("SELECT person_id FROM persons WHERE person_name='" & cbSignatory1.Text & "'")
If Reader.HasRows Then
While Reader.Read
Signature1 = Reader("person_id").ToString()
End While
End If
Reader.Close()
modGlobalFunctions.Connection.Close()
Catch ex As Exception
MessageBox.Show(ex.Message, "BIMS", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try
modGlobalFunctions.Connection.Close()
End Sub
签名2:
Private Sub cbSignatory2_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs)
Try
modGlobalFunctions.Connection.Close()
modGlobalFunctions.connectDatabase()
Reader = modGlobalFunctions.executeQuery("SELECT person_id FROM persons WHERE person_name='" & cbSignatory2.Text & "'")
If Reader.HasRows Then
While Reader.Read
Signature2 = Reader("person_id").ToString()
End While
End If
Reader.Close()
modGlobalFunctions.Connection.Close()
Catch ex As Exception
MessageBox.Show(ex.Message, "BIMS", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try
modGlobalFunctions.Connection.Close()
End Sub
位置1:
Private Sub cbPosition1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs)
Try
modGlobalFunctions.Connection.Close()
modGlobalFunctions.connectDatabase()
Reader = modGlobalFunctions.executeQuery("SELECT position_id FROM positions WHERE position_name='" & cbPosition1.Text & "'")
If Reader.HasRows Then
While Reader.Read
Position1 = Reader("position_id").ToString()
End While
End If
Reader.Close()
modGlobalFunctions.Connection.Close()
Catch ex As Exception
MessageBox.Show(ex.Message, "BIMS", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try
modGlobalFunctions.Connection.Close()
End Sub
位置2:
Private Sub cbPosition2_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs)
Try
modGlobalFunctions.Connection.Close()
modGlobalFunctions.connectDatabase()
Reader = modGlobalFunctions.executeQuery("SELECT position_id FROM positions WHERE position_name='" & cbPosition2.Text & "'")
If Reader.HasRows Then
While Reader.Read
Position2 = Reader("position_id").ToString()
End While
End If
Reader.Close()
modGlobalFunctions.Connection.Close()
Catch ex As Exception
MessageBox.Show(ex.Message, "BIMS", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try
modGlobalFunctions.Connection.Close()
End Sub
有什么建议吗?
答案 0 :(得分:2)
我敢打赌Person_ID和position_id是数据库中的数字类型。对?之所以没插入是因为你用单引号包装它:
"'" & Signature1 & "', " & _ // <== here
"'" & Position1 & "', " & _
"'" & Signature2 & "', " & _
"'" & Position2 & "'
数字值不是用单引号括起来的。还有一件事,我建议您使用Command和parameters来避免SQL注入。
基于您的代码的示例:
Dim sqlStatement AS String = "INSERT INTO obligations (resp_id, year_id, expenditure_id, "
sqlStatement &= "ref_no, payee, office, address, particulars, ppa, amount, date_entered, "
sqlstetement &= "date_edited, signature1, position1, signature2, position2) "
sqlstetement &= "VALUES (@resp_id, @year_id, @expenditure_id, "
sqlStatement &= "@ref_no, @payee, @office, @address, @particulars, @ppa, @amount, @date_entered, "
sqlstetement &= "@date_edited, @signature1, @position1, @signature2, @position2) "
Using xConn AS New MySQLConnection(connStrHere)
Using xComm AS New MySQLCommand()
With xComm
.Connection = xConn
.CommandType = CommandType.Text
.CommandText = sqlStatement
.Parameter.AddWithValue("@resp_id", RespCenterId)
.Parameter.AddWithValue("@year_id", YearId)
.Parameter.AddWithValue("@expenditure_id", txtExpId.Text)
' continue with other parameters
' .....
' until you reach the last parameters '
.Parameter.AddWithValue("@signature1", Signature1)
.Parameter.AddWithValue("@position1", Position1)
.Parameter.AddWithValue("@signature2", Signature2)
.Parameter.AddWithValue("@position2", Position2)
End With
Try
xConn.Open()
xComm.ExecuteNonQuery()
MsgBox("Record has been added!", MsgBoxStyle.Information)
Catch ex AS MySQLException
MsgBox(e.Message, MsgBoxStyle.Exclamation)
Finally
xConn.Open()
End try
End Using
End Using