我正在尝试为我的程序创建一个更新语句,该语句将根据用户输入的数据使用SQL更新数据库,遗憾的是我遇到的问题是我一次只能更新一列,有时候不能更新工作。我知道这个功能非常基本,对攻击不是很安全,但它是我正在制作的一个小项目。不幸的是,我只有基本的编程技能,所以我很难让这部分工作。如果能给予任何帮助,我们将不胜感激。
Private Sub btnsave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnsave.Click
Dim con As New OleDb.OleDbConnection
Dim d1 As New OleDb.OleDbDataAdapter
Dim d2 As New OleDb.OleDbDataAdapter
Dim d3 As New OleDb.OleDbDataAdapter
Dim d4 As New OleDb.OleDbDataAdapter
Dim d5 As New OleDb.OleDbDataAdapter
Dim d6 As New OleDb.OleDbDataAdapter
Dim d7 As New OleDb.OleDbDataAdapter
Dim d8 As New OleDb.OleDbDataAdapter
Dim d9 As New OleDb.OleDbDataAdapter
Dim d10 As New OleDb.OleDbDataAdapter
Dim dt As New DataTable("Animals")
'uses the 2010 compatible connection string
con.ConnectionString = "PROVIDER=Microsoft.ACE.OLEDB.12.0;Data Source = h:\Animals.accdb"
con.Open()
MsgBox("UPDATE Animals SET LatinName = '" & latintxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'")
d1 = New OleDb.OleDbDataAdapter("UPDATE Animals SET LatinName = '" & latintxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d2 = New OleDb.OleDbDataAdapter("UPDATE Animals SET LocationFound = '" & locationtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d3 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageHeight = '" & heighttxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d4 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageWeight = '" & weighttxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d5 = New OleDb.OleDbDataAdapter("UPDATE Animals SET DietaryNeeds = '" & diettxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d6 = New OleDb.OleDbDataAdapter("UPDATE Animals SET ConservationStatus = '" & statustxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d7 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageLifeSpan = '" & lifetxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d8 = New OleDb.OleDbDataAdapter("UPDATE Animals SET BreedingSeason = '" & breedtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d9 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AverageLength = '" & lengthtxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d10 = New OleDb.OleDbDataAdapter("UPDATE Animals SET AnimalName = '" & nametxt.Text & "'" & " WHERE AnimalName = " & "'" & Form1.txtname.Text & "'", con)
d1.Fill(dt)
d2.Fill(dt)
d3.Fill(dt)
d4.Fill(dt)
d5.Fill(dt)
d6.Fill(dt)
d7.Fill(dt)
d8.Fill(dt)
d9.Fill(dt)
d10.Fill(dt)
con.Close()
End Sub
答案 0 :(得分:1)
要执行更新命令,您可以编写单个语句并使用OleDbCommand ExecuteNonQuery方法。
Dim cmdText As String = "UPDATE Animals SET LatinName=?,LocationFound=?,AverageHeight=?," +
"AverageWeight = ?, DietaryNeeds = ?, ConservationStatus = ?, " +
"AverageLifeSpan = ?, BreedingSeason = ?, AverageLength = ? " +
"WHERE AnimalName = ?"
Using con = new OleDbConnection("PROVIDER=Microsoft.ACE.OLEDB.12.0;Data Source = h:\Animals.accdb")
Using cmd = new OleDbCommand(cmdText, con)
con.Open()
cmd.Parameters.AddWithValue("@p1",latintxt.Text)
cmd.Parameters.AddWithValue("@p2",locationtxt.Text)
cmd.Parameters.AddWithValue("@p3",heighttxt.Text)
cmd.Parameters.AddWithValue("@p4",weighttxt.Text)
cmd.Parameters.AddWithValue("@p5",diettxt.Text)
cmd.Parameters.AddWithValue("@p6",statustxt.Text)
cmd.Parameters.AddWithValue("@p7",lifetxt.Text)
cmd.Parameters.AddWithValue("@p8",breedtxt.Text)
cmd.Parameters.AddWithValue("@p9",lengthtxt.Text)
cmd.Parameters.AddWithValue("@p10",nametxt.Text)
cmd.ExecuteNonQuery()
End Using
End Using
需要注意几个问题,这可能会导致更新失败
首先,所有参数值都是string类型,这可能是您的主要问题。如果数据库字段不是文本类型,则需要将这些值转换为适当的类型
例如,如果字段AverageHeight
是数字(双精度),则参数应写为:
cmd.Parameters.AddWitValue("@p3",Convert.ToDouble(heighttxt.Text))
当然,heighttxt中的文本应该可以转换为double。
第二个问题是用于查找要更新的记录的参数的内容
在您的查询中,此字段名为AnimalName
,您使用Form1.txtname.Text
搜索记录,但在同一查询文本中,您尝试使用nametxt.Text
更新WHERE子句中使用的相同字段。从逻辑上讲,这两个字段包含相同的值,因此您只需要一个参数。
要记住的最后一点,在OleDb中,参数不能通过名称识别,而是通过它们在命令文本中的位置来识别。因此,请注意参数添加到参数集合的正确顺序