Operator used for a combo box in vb.net

Time: 2014-03-17 10:56:25

Tags: mysql sql vb.net-2010

is an example of a combo box. What should I do so that there is no error?

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles save.Click
        Dim genderval As String
        Dim birthdate As String
        birthdate = bday.Value.ToString()
        If babae.Checked = True Then
            genderval = "Female"
        Else
            genderval = "Male"
        End If
        query = "insert into studentinfo(Lastname,Firstname,middlename,birthdate,gender,age,studentyear,username,accountpassword,confirmpassword) values('" & familynem.Text & "','" & givennem.Text & "','" & middlenem.Text & "','" & birthdate & "','" & genderval & "','" & Edaad.Text & "','" *years* "','" & usename.Text & "','" & accpass.Text & "','" & confirmpass.Text & "')"
        con.Open()
        cmd = New SqlCommand(query, con)
        cmd.ExecuteNonQuery()
        con.Close()
        dataReload()
        user.Show()
        Me.Hide()


    End Sub
End Class

2 answers:

Answer 0 (score: 0)

You need to access the ComboBox through its properties, not directly.

Use Years.Text or Years.SelectedValue instead of years.

Try this

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles save.Click
        Dim genderval As String
        Dim birthdate As String
        birthdate = bday.Value.ToString()
        If babae.Checked = True Then
            genderval = "Female"
        Else
            genderval = "Male"
        End If
        query = "insert into studentinfo(Lastname,Firstname,middlename,birthdate,gender,age,studentyear,username,accountpassword,confirmpassword) values('" & familynem.Text & "','" & givennem.Text & "','" & middlenem.Text & "','" & birthdate & "','" & genderval & "','" & Edaad.Text & "','" & Years.Text & "','" & usename.Text & "','" & accpass.Text & "','" & confirmpass.Text & "')"
        con.Open()
        cmd = New SqlCommand(query, con)
        cmd.ExecuteNonQuery()
        con.Close()
        dataReload()
        user.Show()
        Me.Hide()
    End Sub
End Class

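Answer 1 (score: 0)

This kind of error is common when using concatenated strings. Somewhere, one or more of the string values contains an invalid character that breaks the syntax of the SQL command. For example, if one of the textboxes contains a single quote, the resulting query text will be invalid. Also, it is not clear what is. If it is a combo box, then you need to extract its value through the property Text (or SelectedValue, SelectedItem). Another thing to take care of is the match between the parameter values and the underlying column data types. They should be the same, so for an integer field you need to add a conversion from the textbox text (age?).

The usual answer is a parameterized query, which removes this kind of error and the Sql Injection vulnerability.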

query = "insert into studentinfo " & _
        "(Lastname,Firstname,middlename,birthdate,gender,age," & _
        "studentyear,username,accountpassword,confirmpassword) " & _
        "values(@family,@given,@mname,@dob,@gender,@eda,@years,@uname,@pwd,@cpwd)"

con.Open()
' cmd = New SqlCommand(query, con)
cmd = New MySqlCommand(query, con)
cmd.Parameters.AddWithValue("@family", familynem.Text)
cmd.Parameters.AddWithValue("@given", givennem.Text)
cmd.Parameters.AddWithValue("@mname", middlenem.Text)
cmd.Parameters.AddWithValue("@dob", birthdate)
cmd.Parameters.AddWithValue("@gender", genderval)
cmd.Parameters.AddWithValue("@eda", Edaad.Text) ' or Convert.ToInt32(Edaad.Text)
cmd.Parameters.AddWithValue("@years", years.Text)
cmd.Parameters.AddWithValue("@uname", usename.Text)
cmd.Parameters.AddWithValue("@pwd", accpass.Text)
cmd.Parameters.AddWithValue("@cpwd", confirmpass.Text)
cmd.ExecuteNonQuery()

By the way, you have tagged this question with MySql, but you are using SqlCommand. What is the correct database?
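
The single-quote failure and the parameterized fix described in answer 1, as an added example that is not part of either answer. It uses Python's built-in sqlite3 with an in-memory table holding a few of the studentinfo columns (a stand-in for the page's VB.NET code and database so that it runs offline); the form values and helper names are constructed for illustration.

```python
import sqlite3

# Subset of the page's studentinfo columns; the table definition is assumed.
COLUMNS = ("Lastname", "Firstname", "age", "studentyear", "username")

# Constructed form input: the last name contains a single quote.
SAMPLE_FORM = {"Lastname": "O'Brien", "Firstname": "Ana", "age": "17",
               "studentyear": "2nd", "username": "ana17"}


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("create table studentinfo (Lastname text, Firstname text, "
                "age integer, studentyear text, username text)")
    return con


def insert_concatenated(con, form):
    # Same pattern as the question: each value is pasted between single quotes,
    # so a quote inside a value ends the string literal early.
    values = "','".join(form[c] for c in COLUMNS)
    con.execute(f"insert into studentinfo({','.join(COLUMNS)}) values('{values}')")


def insert_parameterized(con, form):
    # The statement text is fixed; values are bound separately and never parsed as SQL.
    age = int(form["age"])  # match the integer column; ValueError on non-numeric text
    con.execute(
        "insert into studentinfo(Lastname,Firstname,age,studentyear,username) "
        "values(?,?,?,?,?)",
        (form["Lastname"], form["Firstname"], age,
         form["studentyear"], form["username"]))


def demo(form=SAMPLE_FORM):
    con = make_db()
    try:
        insert_concatenated(con, form)
        concat_result = "inserted"
    except sqlite3.OperationalError as exc:
        concat_result = f"syntax error: {exc}"
    insert_parameterized(con, form)
    rows = con.execute(
        "select Lastname, age, typeof(age) from studentinfo").fetchall()
    return concat_result, rows


if __name__ == "__main__":
    print(demo())
```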