这里我有公司名称组合框..其中用户sekects名称.. 我希望公司名称显示在网格中......但根据表格,只有公司代码列....
我应该在公司表中显示公司名称的表格分区数据 这两个表都有共同的公司代码......
到目前为止,我已经做到了这一点......但是却出现了错误...
Private Sub btnDivUpdate_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnDivUpdate.Click
Dim con As New SqlConnection("Data Source")
con.Open()
Dim cmd As New SqlCommand("update tblDivision set tblCompany.CompanyName='" &
cmbDivComName.Text & "',tblDivision.Description1='" & txtDivDesc.Text & "',
tblDivision.DivSeq='" & txtDivSeq.Text & "', tblDivision.CreatedBy ='" &
txtDivCreatedBy.Text & "', tblDivision.CreatedDate ='" &
txtDivCreatedDate.Text & "', tblDivision.LastModifiedBy ='" &
txtDivLastModifiedBy.Text & "', tblDivision.LastModifiedDate ='" &
txtDivLastModifiedDate.Text & "' JOIN tblCompany ON tblDivision.CompanyCode =
tblCompany.CompanyCode where DivisionCode ='" & cmbDivCode.Text & "' ", con)
cmd.CommandType = CommandType.Text
cmd.ExecuteNonQuery()
Dim cmd2 As New SqlCommand("select * from tblDivision", con)
Dim da2 As New SqlDataAdapter(cmd2)
Dim ds2 As New DataSet()
da2.Fill(ds2,
"tblDivision")
DataGridDivision.DataSource = ds2.Tables(0)
con.Close()
End Sub
任何人都可以帮助.........
答案 0 :(得分:1)
您需要两个单独的sql语句才能执行此操作,因为您一次只能将更改写入一个表。幸运的是,您可以将它们作为同一执行命令和事务的一部分发送。在我们处理此问题的同时,我们会将您的SELECT声明置于首页,并修复sql注入漏洞和潜在的拒绝服务问题。生成的代码将比您拥有的代码长一些,但是,尽管长度很长,但更简单可以跟随和维护,并且它会更加安全:
Private Sub btnDivUpdate_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnDivUpdate.Click
Dim sql As String = _
"BEGIN TRANSACTION t1;" & _
"UPDATE tblDivision " & _
" SET Description1= @Description" & _
" , DivSeq= @Sequence" & _
" , CreatedBy= @CreatedBy" & _
" , CreatedDate= @CreatedDate" & _
" , LastModifiedBy= @LastModifiedBy" & _
" , LastModifiedDate= @LastModifiedDate"
" WHERE DivisionCode= @DivisionCode; " & _
"UPDATE tblCompany" & _
" SET tblCompany.CompanyName= @CompanyName"
" FROM tblCompany" & _
" INNER JOIN tblDivision ON tblDivision.CompanyCode = tblCompany.CompanyCode" & _
" WHERE tblDivision.DivisionCode= @DivisionCode; " & _
"COMMIT TRANSACTION t1; " & _
"SELECT * FROM tblDivision;"
Dim dt As New DataTable()
Using con As New SqlConnection("Data Source"), _
cmd As New SqlCommand(sql, con)
'I had to guess at column lengths in here
cmd.Parameters.Add("@Description", SqlDbType.NVarChar, 200).Value = txtDivDesc.Text
cmd.Parameters.Add("@Sequence", SqlDbType.Int).Value = CInt(txtDivSeq.Text)
cmd.Parameters.Add("@CreatedBy", SqlDbType.NVarChar, 40).Value = txtDivCreatedBy.Text
cmd.Parameters.Add("@CreatedDate", SqlDbType.DateTime).Value = CDate(txtDivCreatedDate.Text)
cmd.Parameters.Add("@LastModifiedBy", SqlDbType.NVarChar, 40).Value = txtDivLastModifiedBy.Text
cmd.Parameters.Add("@LastModifiedDate", SqlDbType.DateTime).Value = CDate(txtDivLastModifiedDate.Text)
cmd.Parameters.Add("@DivisionCode", SqlDbType.NVarChar, 10).Value = cmbDivCode.Text
cmd.Parameters.Add("@CompanyName", SqlDbType.NVarChar, 60).Value = cmbDivComName.Text
con.Open()
Using rdr As SqlDataReader = cmd.ExecuteReader()
dt.Load(rdr)
End Using
End Using
DataGridDivision.DataSource = dt
End Sub