Question

抱歉，我是vb.net的新程序员，所以我需要一些帮助。我不熟悉sql server，这是我插入员工信息的代码。它工作正常，我的问题是如何使用emp_id

搜索此记录

    Dim mycommand As SqlCommand
    myconnection = New SqlConnection("server=;uid=admin;pwd=;database=payroll")
    myconnection.Open()
    mycommand = New SqlCommand("INSERT INTO employee_info([employee_id],
      [first_name],[last_name],[middle_name],[email],[telephone],
      [gender],[status],[date_birth],[hire_date],[street_add],[city],
      [state_province]) values ('" & Employee_idTextBox.Text & "','" &
      First_nameTextBox.Text & "','" & Last_nameTextBox.Text & "','" &
      Middle_nameTextBox.Text & "','" & EmailTextBox.Text & "','" &
      TelephoneTextBox.Text & "','" & GenderTextBox.Text & "','" & 
      StatusTextBox.Text & "','" & Date_birthDateTimePicker.Value.Date & 
      "','" & Hire_dateDateTimePicker.Value.Date & "','" & 
      Street_addTextBox.Text & "','" & CityTextBox.Text & "','" &
      State_provinceTextBox.Text & "')", myconnection)
    mycommand.ExecuteNonQuery()
    myconnection.Close()

Answer 1

与其他人一样，您应该参数化INSERT以避免SQL注入漏洞。

以下是按Employee_ID

检索新插入的员工记录的方法

Dim dbConn as SqlConnection
Dim myCommand As SqlCommand
dbConn = New SqlConnection("server=;uid=admin;pwd=;database=payroll")
dbConn.Open()
myCommand = New SqlCommand("SELECT * FROM employee_info WHERE  employee_id = @EmployeeId", dbConn)
myCommand.Parameters.AddWithValue("@ EmployeeId", employeeId) 
' employeeId in above line is the variable that contains the actual id you want to retrieve

myDataReader = myCommand.ExecuteReader()
' do stuff with the data in myDataReader here
' ...
' .....
myDataReader.Close()
dbConn.Close()

如何使用vb.net在sql server中搜索记录

1 个答案: