在程序中我的DISPLAY和ADD按钮正在工作,但是在UPDATE和DELETE记录时它会给出异常错误,即检查手册,以便与你的MYSQL服务器对应正确的语法..... 你能纠正我的语法吗??
Imports MySql.Data.MySqlClient
Imports System.Data
Partial Class _Default Inherits System.Web.UI.Page
Dim connection As MySqlConnection = New MySqlConnection("data source=localhost;database=dbconnect;user id=root;password=search;")
Dim mydataset As New DataSet()
Dim mydataadpter As MySqlDataAdapter = New MySqlDataAdapter()
Public query As String
' Dim con As MySqlConnection = New MySqlConnection("data source=localhost;database=dbconnect;user id=root;password=search;")
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
connection.Open()
End Sub
Protected Sub btn_display_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btn_display.Click
Dim mysql As MySqlCommand = New MySqlCommand("select * from userinfo", connection)
mydataadpter.SelectCommand = mysql
mydataadpter.Fill(mydataset, "product")
Try
GridView1.DataSource = mydataset
GridView1.DataBind()
GridView1.DataMember = "product"
connection.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
Protected Sub btn_add_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btn_add.Click
query = "INSERT INTO userinfo VALUES("
query = query + txt_userid.Text + ",'" + txt_username.Text + "'," + txt_age.Text + ")"
Dim MySqlCommand = New MySqlCommand(query, connection)
Dim i As Integer = MySqlCommand.ExecuteNonQuery()
If (i > 0) Then
MsgBox("record is saved")
Else
MsgBox("record is not saved")
End If
End Sub
Protected Sub btn_update_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btn_update.Click
Try
query = "UPDATE USERINFO SET username='" + txt_username.Text + "',"
query = query + "age=" + txt_age.Text
query = query + "WHERE userid=" + txt_userid.Text
Dim mysqlcommand = New MySqlCommand(query, connection)
MsgBox(query)
Dim i As Integer = mysqlcommand.ExecuteNonQuery()
If (i > 0) Then
MsgBox("record is updated")
Else
MsgBox("record is not updated")
End If
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
Protected Sub btn_delete_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btn_delete.Click
Try
query = "DELETE FROM userinfo WHERER userid=" + txt_userid.Text
Dim mysqlcommand As New MySqlCommand(query, connection)
MsgBox(query)
Dim i As Integer = mysqlcommand.ExecuteNonQuery()
If (i > 0) Then
MsgBox("record is deleted")
Else
MsgBox("record is not deleted")
End If
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
End Class
答案 0 :(得分:0)
您的查询似乎在语法上是正确的,但是,我总是使用参数化查询而不是字符串连接。这将避免Sql注入,并且参数值的引用将由框架代码执行。
尝试使用此更新方法
Try
query = "UPDATE USERINFO SET username=@uname, age=@uage WHERE userid = @uid";
Dim mysqlcommand = New MySqlCommand(query, connection)
mysqlcommand.Parameters.AddWithValue("@uname", txt_username.Text))
mysqlcommand.Parameters.AddWithValue("@uage",Convert.ToInt32(txt_age.Text))
mysqlcommand.Parameters.AddWithValue("@uid",Convert.ToInt32(txt_userid.Text))
Dim i As Integer = mysqlcommand.ExecuteNonQuery()
If (i > 0) Then
MsgBox("record is updated")
Else
MsgBox("record is not updated")
End If
Catch ex As Exception
MsgBox(ex.Message)
End Try
在代码中修复的另一个重要事项是全局连接对象。不要那样做。如果您的某个查询由于某种原因而失败,则会使连接保持打开状态,这对于代码的稳定性来说是个严重问题。
Try
query = "UPDATE USERINFO SET username=@uname, age=@uage WHERE userid = @uid";
Using con = new MySqlConnection(.......)
Using cmd = new MySqlCommand(query, con)
con.Open()
cmd.Parameters.AddWithValue(......)
End Using
End Using
Catch ex As Exception
....
End Try
using statement对于确保正确使用昂贵的资源(如与数据库的连接)以及确保正确关闭和处理这类对象至关重要