使用许多参数保护Sql查询

时间:2014-10-01 12:38:02

标签: mysql vb.net

当我运行此代码块时,会显示一条消息:"发生致命错误。"请告诉我什么是错的。

Try
    con.Open()
    'Get the sales number from the sales table to confirm when the shoe is sold.
    .CommandText = "SELECT sales.Sales_number, clients.Client_id from sales JOIN clients ON (sales.Serial_number = clients.Serial_number) WHERE sales.Serial_number = @Serial"

    objDataAdapter = New MySqlDataAdapter(.CommandText, con)
    objDataAdapter.SelectCommand.Parameters.AddWithValue("@Serial", strSerial)
    objDataAdapter.Fill(objDataset)
    'Sales number
    strRSerial = objDataset.Tables(0).Rows(0).Item(0).ToString
    strClientID = objDataset.Tables(0).Rows(0).Item(1).ToString


    'Update the shoe in store table to confirm when sales is made 
    'Here we update the table Shoein Store

    .CommandText = "UPDATE `mayombe_mdcs`.`shoesinstore` SET `Sales_number` = @RSerial WHERE Serial_number = @Serial2 ;"
    cmd = New MySqlCommand(.CommandText)
    objDataAdapter.SelectCommand.Parameters.AddWithValue("@RSerial", strRSerial)
    objDataAdapter.SelectCommand.Parameters.AddWithValue("@Serial2", strSerial)
    updateResponse1 = cmd.ExecuteNonQuery
       con.close()                    
catch ex as Exception
   MsgBox(ex.message)
end try

0 个答案:

没有答案