我正在尝试为我的程序创建一个更新语句,该语句将根据用户输入的数据使用SQL更新数据库,遗憾的是我遇到的问题是我一次只能更新一个数据库,有时候它们没有工作。如果能给予任何帮助,我们将不胜感激。
Private Sub btnsave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnsave.Click
Dim con As New OleDb.OleDbConnection
Dim d1 As New OleDb.OleDbDataAdapter
Dim d2 As New OleDb.OleDbDataAdapter
Dim d3 As New OleDb.OleDbDataAdapter
Dim d4 As New OleDb.OleDbDataAdapter
Dim d5 As New OleDb.OleDbDataAdapter
Dim d6 As New OleDb.OleDbDataAdapter
Dim d7 As New OleDb.OleDbDataAdapter
Dim d8 As New OleDb.OleDbDataAdapter
Dim d9 As New OleDb.OleDbDataAdapter
Dim d10 As New OleDb.OleDbDataAdapter
Dim dt As New DataTable("Animals")
'uses the 2010 compatible connection string
con.ConnectionString = "PROVIDER=Microsoft.ACE.OLEDB.12.0;Data Source = h:\Animals.accdb"
con.Open()
MsgBox("UPDATE Animals SET LatinName = '" & latintxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'")
d1 = New OleDb.OleDbDataAdapter("UPDATE Animals SET LatinName = '" & latintxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d2 = New OleDb.OleDbDataAdapter("UPDATE Animals SET LocationFound = '" & locationtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d3 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageHeight = '" & heighttxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d4 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageWeight = '" & weighttxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d5 = New OleDb.OleDbDataAdapter("UPDATE Animals SET DietaryNeeds = '" & diettxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d6 = New OleDb.OleDbDataAdapter("UPDATE Animals SET ConservationStatus = '" & statustxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d7 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageLifeSpan = '" & lifetxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d8 = New OleDb.OleDbDataAdapter("UPDATE Animals SET BreedingSeason = '" & breedtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d9 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageLength = '" & lengthtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d10 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AnimalName = '" & nametxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d1.Fill(dt)
d2.Fill(dt)
d3.Fill(dt)
d4.Fill(dt)
d5.Fill(dt)
d6.Fill(dt)
d7.Fill(dt)
d8.Fill(dt)
d9.Fill(dt)
d10.Fill(dt)
con.Close()
End Sub
答案 0 :(得分:1)
你的功能非常低效。您应该使用OleDB.OleDBCommand而不是数据适配器。 Dataadapters主要用于从数据库获取数据而不更新数据库。您可以使用它们来更新数据,但不能用它来更新数据。
尝试将您的功能更改为:
Using cn As New OleDbConnection(YOURCONNECTIONSTRING)
Dim cSQL As String = "THIS WILL BE YOUR SQL"
Dim cmd As New OleDbCommand(cSQL, cn)
Try
If cn.State <> ConnectionState.Open Then cn.Open()
cmd.ExecuteNonQuery()
'Now reset cSQL to your second SQL string and recreate your OleDbCommand with the new string.'
cSQL = "NEW SQL STRING"
cmd = New OleDbCommand(cSQL, cn)
cmd.ExecuteNonQuery()
'Now repeat your process as many times as you like.'
Catch ex As Exception
'Handle any errors here.'
End Try
End Using
话虽如此,您应该像其他人提到的那样为所有输入使用命令参数。这是一个更先进的,你应该在自己的时间谷歌周围自学如何做到这一点。有大量的教程可以引导您完成整个过程。一旦您学会了如何使用这些参数,您就可以很好地保护未来的项目免受黑客和恶意用户的攻击。</ p>
答案 1 :(得分:0)
实际的sql可能类似于:
update yourtable
set field1 = something
, field2 = something else
etc
你所有与你的.net代码有关的就是创建一个类似于它的字符串。另外,使用查询参数。