How can I prevent this exception?

Posted: 2013-10-30 16:33:01

Tags: vb.net winforms oledb

What I have:

Two .mdb databases and an application that inserts information (rows) from db1 into db2.

When I run my code I get an exception:

System resource exceeded.

Code:

Connection strings:

Dim db2Connection As New OleDb.OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\db2.mdb;Persist Security Info=False;")

Dim db1Connection As New OleDb.OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=c:\db1.mdb;Persist Security Info=False;")

Code that copies the information:

Dim DataAddapter As New OleDb.OleDbDataAdapter
Dim ds As New DataSet

'Open DB1 Connection:
db1Connection.Open()

'Select All From M
DataAddapter.SelectCommand = New OleDb.OleDbCommand("SELECT * FROM M", db1Connection)
Dim cmd As OleDb.OleDbCommand = DataAddapter.SelectCommand
Dim Reader As OleDb.OleDbDataReader = cmd.ExecuteReader()

'Before Reading Results From DB1 Lets Open DB2Connection:
db2Connection.Open()

'Start Reading Results in LOOP:
Do Until Reader.Read() = False
    Dim F_Name As String = Reader("F_NAME")
    Dim L_Name As String = Reader("L_NAME")
    Dim CITY As String = Reader("NAME_CITY")
    F_Name = Replace(F_Name, "'", "")
    L_Name = Replace(L_Name, "'", "")

    'Start Moving The Results To Db2 (Insert):
    '--------------------------------------
    Dim Exist As Integer = 0
    Dim c As New OleDb.OleDbCommand
    c.Connection = db2Connection
    c.CommandText = "SELECT COUNT(*) FROM `Names` WHERE `LastName`='" & L_Name & "' AND `FirstName`='" & F_Name & "' AND `City`='" & CITY & "'"
    '----------------------------------------
    'Exception Here!! :(
    'This Line Checks If The Row Already Exists
    Exist = CLng(c.ExecuteScalar())
    '----------------------------------------

    If Exist = 0 Then
        c.CommandText = "INSERT INTO `Names` (`LastName`,`FirstName`,`City`) VALUES ('" & L_Name & "','" & F_Name & "','" & CITY & "')"
        c.ExecuteNonQuery()
        'Note: after this line I'm getting the exception... (2 queries executed: ExecuteScalar + ExecuteNonQuery). Maybe I need to create a connection for every query? :S
    End If
Loop



Another thing: I have to send queries to db2 in this syntax (otherwise it doesn't work):

INSERT INTO `Names` (`LastName`,`FirstName`,`City`) VALUES ('" & L_Name & "','" & F_Name & "','" & CITY & "')

I have to use -> ` <- around the column names, but when I send a query to db1 without -> ` <- it works. :S I don't know what the difference between db1 and db2 is, but it's very strange; maybe my problem is there...

A good answer would be a good example plus a good explanation :). (C# or VB.NET)

1 answer:

Answer 0 (score: 0)

You are a prime candidate for SQL injection... you should read up on it, and at the very least PARAMETERIZE your SQL commands; don't build string statements with the values embedded for execution. I don't know how db2 handles parameters... some use "?" as the placeholder, SQL Server uses "@" and Advantage Database uses ":".. but regardless, here is the principle...

c.CommandText = "select blah from `names` where LastName = ? and FirstName = ? and City = ?"

c.CommandText = "select blah from `names` where LastName = @parmLastName and FirstName = @parmFirstName and City = @parmCity"

For the named parameters above (e.g. @parmLastName), I prefix them with "parm" for the sole purpose of distinguishing the value from the actual COLUMN name.

Then your parameters would be something like

c.Parameters.Add( "@parmLastName", yourLastNameVariable )
c.Parameters.Add( "@parmFirstName", yourFirstNameVariable)
c.Parameters.Add( "@parmCity", yourCityVariable)

If you use the "?" version without explicitly named parameters, you need to make sure your parameters are added in the same order as the "?" placeholders.

Then execute your call... the same principle applies to all your queries (select, insert, update, delete).

As for your system resources... how many records are you pulling down? It may just be choking your system's memory trying to pull down the entire database table. You may want to break it down, say one letter at a time...

Also, a link from MS about system resources and Access via a patch.
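As an added example (not the asker's or the answerer's code), here is the copy loop from the question rewritten along the lines the answer recommends: both db2 commands use positional "?" parameters, which is what the ACE/Jet OLE DB provider binds, and each command is created once and reused for every row instead of a new OleDbCommand per row. It assumes the same connection strings, tables and column names as the question.

```vb
' Added example: assumes the question's databases (C:\db1.mdb -> C:\db2.mdb),
' source table M (F_NAME, L_NAME, NAME_CITY) and target table Names.
Imports System.Data
Imports System.Data.OleDb

Module CopyNames
    Const SrcConn As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\db1.mdb;Persist Security Info=False;"
    Const DstConn As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\db2.mdb;Persist Security Info=False;"

    Sub Main()
        Using db1 As New OleDbConnection(SrcConn), db2 As New OleDbConnection(DstConn)
            db1.Open()
            db2.Open()

            ' ACE/Jet binds parameters by position only: each "?" takes the parameter
            ' at the same index in cmd.Parameters, so the Add order must match the SQL.
            Using checkCmd As New OleDbCommand(
                      "SELECT COUNT(*) FROM `Names` WHERE `LastName`=? AND `FirstName`=? AND `City`=?", db2),
                  insertCmd As New OleDbCommand(
                      "INSERT INTO `Names` (`LastName`,`FirstName`,`City`) VALUES (?,?,?)", db2)

                ' Declare the parameters once; only .Value changes per row, so no
                ' new command objects (and no leaked handles) are created in the loop.
                For Each cmd In {checkCmd, insertCmd}
                    cmd.Parameters.Add("@LastName", OleDbType.VarWChar, 255)
                    cmd.Parameters.Add("@FirstName", OleDbType.VarWChar, 255)
                    cmd.Parameters.Add("@City", OleDbType.VarWChar, 255)
                Next

                Using srcCmd As New OleDbCommand("SELECT F_NAME, L_NAME, NAME_CITY FROM M", db1),
                      reader As OleDbDataReader = srcCmd.ExecuteReader()
                    Do While reader.Read()
                        ' Values travel as data, not SQL text: an apostrophe in a name is
                        ' stored as-is, and the Replace("'", "") from the question is not needed.
                        Dim values = {reader("L_NAME"), reader("F_NAME"), reader("NAME_CITY")}
                        For i = 0 To 2
                            checkCmd.Parameters(i).Value = values(i)
                            insertCmd.Parameters(i).Value = values(i)
                        Next
                        If CInt(checkCmd.ExecuteScalar()) = 0 Then
                            insertCmd.ExecuteNonQuery()
                        End If
                    Loop
                End Using
            End Using
        End Using
    End Sub
End Module
```

The parameter names are only labels here; the provider ignores them and matches each "?" to the parameter with the same index, which is why both commands add LastName, FirstName and City in the order the SQL uses them.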