Dim conntps As MySqlConnection
Dim myconnstringtps As String
conntps = New MySqlConnection()
Dim mycommand As New MySqlCommand
Dim Updatepayments As String = "update payments set payments.payorname='" & _
epayorname.Text & "', payments.cardnumber='" & eccnumber.Text & _
"', payments.bankname='" & ebankname.Text & "', payments.checkaccountnumber='" & _
eaccountnumber.Text & "', payments.checkroutingnumber='" & _
erouting.Text & "', payments.cardexpirationdate='" & eexpmonth.Text & "/" & _
eexpireyear.Text & "', payments.cardexpirationmonth='" & _
eexpmonth.Text & "', payments.cardexpirationyear='" & eexpireyear.Text & _
"', payments.cardaddress='" & eaddy.Text & "', payments.cardzipcode='" & _
ezip.Text & "', payments.threedigitnumber='" & ecvv.Text & _
"' where payments.filenumber='" & TextBox1.Text & "' and paymentstatus='PENDING';"
myconnstringtps = "server=localhost; user id=root; " & _
"password=1C0cac0la; database=collectionsmax"
Try
conntps.Open()
Try
mycommand.Connection = conntps
mycommand.CommandText = Updatepayments
mycommand.ExecuteNonQuery()
conntps.Close()
mycommand.Dispose()
Catch myerror As MySqlException
MsgBox("error connecting:" & myerror.Message)
End Try
Catch myerror As MySqlException
MsgBox("error connecting:" & myerror.Message)
Finally
If conntps.State <> ConnectionState.Closed Then conntps.Close()
MsgBox("Successfully Changed")
End Try
尝试运行代码时,我没有收到任何错误或异常。
我试图将生成的更新查询输出到文本框并通过mysql管理工作室运行代码,它完美地运行。所以我很确定它不是发送到服务器的实际查询的问题。
我几乎使用了完全相同的代码来插入语句而没有任何问题。
使用上面提到的代码在我的VB.net应用程序中运行代码时,它不会更新数据库。
答案 0 :(得分:1)
您没有在MySqlConnection
中设置连接字符串myconnstringtps = "server=localhost; user id=root; password=1C0cac0la;......"
conntps = New MySqlConnection(myconnstringtps)
除此之外,您需要使用参数化查询来避免字符串中的单引号问题以及Sql Injection Attack安全问题
Dim Updatepayments As String = "update payments " & _
"set payments.payorname=@name," & _
"payments.cardnumber=@cnum," & _
"payments.bankname=@bank," & _
"payments.checkaccountnumber=@actnum," & _
"payments.checkroutingnumber=@routing," & _
"payments.cardexpirationdate=@monthyear," & _
"payments.cardexpirationmonth=@month," & _
"payments.cardexpirationyear=@year," & _
"payments.cardaddress=@address," & _
"payments.cardzipcode=@zip," & _
"payments.threedigitnumber=@digits " & _
"where payments.filenumber=@file and paymentstatus='PENDING'"
Dim mycommand As New MySqlCommand(Updatepayments, conntps)
mycommand.Parameters.AddWithValue("@name", epayorname.Text)
mycommand.Parameters.AddWithValue("@cnum", eccnumber.Text)
mycommand.Parameters.AddWithValue("@bank", ebankname.Text)
mycommand.Parameters.AddWithValue("@actnum", eaccountnumber.Text);
mycommand.Parameters.AddWithValue("@routing", erouting.Text)
mycommand.Parameters.AddWithValue("@monthyear", eexpmonth.Text & "/" & eexpireyear.Text)
mycommand.Parameters.AddWithValue("@month", eexpmonth.Text)
mycommand.Parameters.AddWithValue("@year", eexpireyear.Text)
mycommand.Parameters.AddWithValue("@address", eaddy.Text)
mycommand.Parameters.AddWithValue("@zip", ezip.Text)
mycommand.Parameters.AddWithValue("@digits", ecvv.Text)
mycommand.Parameters.AddWithValue("@file", TextBox1.Text)
其他有问题的一点:你确定你的字段都是字符串类型吗?您为每个字段传递一个字符串,并用单引号括起该值。如果您的字段中的某些人不是字符串类型,则可能会失败。 (特别是这些字段可能不是字符串类型 payments.cardnumber,payments.checkaccountnumber,payments.cardexpirationmonth,payments.cardexpirationyear,payments.threedigitnumber )
答案 1 :(得分:0)
红色警报您显然在这里处理信用卡信息,但是您自己和您的客户容易受到SQL注入攻击!
您在公共互联网上发布的代码中也有密码!
(史蒂夫似乎有正确的答案。)