I don't know how to use parameterization and hope someone can point me in the right direction.
This is what I'm currently using.

    Imports MySql.Data.MySqlClient

    Public Class main
        Dim dbCon As New MySqlConnection("Server=localhost;Database=payid;Uid=root")
        Dim strQuery As String = ""
        Dim SQLCmd As MySqlCommand
        Dim DR As MySqlDataReader

        Private Sub Use()
            Try
                ' The text box values are concatenated directly into the SQL text
                strQuery = "UPDATE payid " & _
                           "SET used='" & amen.Text & "' " & _
                           "WHERE payid='" & TextBox1.Text & "'"
                SQLCmd = New MySqlCommand(strQuery, dbCon)
                dbCon.Open()
                SQLCmd.ExecuteNonQuery()
                dbCon.Close()
            Catch ex As Exception
                MsgBox(ex.Message)
            End Try
        End Sub
    End Class

If someone could change this for me, I can finish the rest of the code.

Answer 0 (score: 0)

    strQuery = "UPDATE payid SET used=@used WHERE payid=@payid"
    SQLCmd = New MySqlCommand(strQuery, dbCon)
    SQLCmd.Parameters.AddWithValue("@used", amen.Text)
    SQLCmd.Parameters.AddWithValue("@payid", TextBox1.Text)
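
A complete version of the routine built on the answer's parameterized query, added here as an example (it is not code from the question or the answer). The names `PayIdUpdater` and `MarkUsed` are hypothetical, and the `VarChar` parameter types are an assumption because the page does not show the column types.

```vbnet
Imports MySql.Data.MySqlClient

Public Class PayIdUpdater
    ' Connection string copied from the question. A real deployment would load
    ' it from configuration and use a non-root account with a password.
    Private Const ConnString As String = "Server=localhost;Database=payid;Uid=root"

    ' Marks a payid row as used and returns the number of rows changed, so the
    ' caller can tell "no such payid" (0) apart from a successful update.
    ' (Hypothetical helper name; not part of the original post.)
    Public Shared Function MarkUsed(usedValue As String, payId As String) As Integer
        ' The SQL text is a constant: user input never becomes part of it.
        Const sql As String = "UPDATE payid SET used=@used WHERE payid=@payid"

        ' Using disposes the connection and command even if an exception is thrown,
        ' which the Open()/Close() pair in the question does not guarantee.
        Using con As New MySqlConnection(ConnString)
            Using cmd As New MySqlCommand(sql, con)
                ' Explicitly typed parameters (assumed VarChar columns) instead of
                ' AddWithValue, so the driver does not have to infer the type.
                cmd.Parameters.Add("@used", MySqlDbType.VarChar).Value = usedValue
                cmd.Parameters.Add("@payid", MySqlDbType.VarChar).Value = payId

                con.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Class
```

From the form, call `PayIdUpdater.MarkUsed(amen.Text, TextBox1.Text)` inside the existing `Try`/`Catch` and treat a return value of 0 as "payid not found".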