Parameterized SQL in VB

Time: 2015-05-08 05:46:30

Tags: sql vb.net parameterized

I have this module that calls a procedure, and I want to parameterize it. I send a string as the query to the procedure module. I have already looked on Google but I cannot find an answer to my question.

Procedures.Insert("INSERT INTO Technician (tec_name, tec_email, rol_id) VALUES ('" & txt_tech.Text & "',  '" & txt_tech_email.Text & "', " & cbo_tech_role.SelectedValue.ToString() & ")", "Technican Add Correct")

======================================== I could change it to something like this.....

Procedures.Insert("INSERT INTO Technician (tec_name, tec_email, rol_id) VALUES (@tech_name, @tech_email, @tech_role)", "Technican Add Correct")

================ but I don't know where I can parameterize it

Public Sub Insert(query As String, msg As String)
    Dim cn As New SqlConnection(cs)   ' cs: connection string defined elsewhere in the module
    Dim cmd As New SqlCommand
    Try
        cn.Open()
        With cmd
            .CommandType = CommandType.Text
            .CommandText = query
            .Connection = cn
            ' Placeholder names must match the ones used in the query text
            .Parameters.AddWithValue("@tech_name", txt_tech_name.Text)
            .Parameters.AddWithValue("@tech_email", txt_tech_email.Text)
            .Parameters.AddWithValue("@tech_role", txt_tech_role.SelectedValue.ToString())
            .ExecuteNonQuery()
        End With
        MessageBox.Show(msg, "INSERT", MessageBoxButtons.OK, MessageBoxIcon.Information)
    Catch ex As Exception
        MessageBox.Show(ex.Message.ToString, ".  :  :    ERROR    :  :  .", MessageBoxButtons.OK, MessageBoxIcon.Error)
    Finally
        If cn IsNot Nothing AndAlso cn.State <> ConnectionState.Closed Then
            cn.Close()
            cn = Nothing
        End If
    End Try
End Sub

Because I have a module that is separate from the main code, I can't reference the text boxes, since they are separate from the main module... any ideas on how to do this? ...nothing too hard... this is my 14th week working with VB.. :/

2 answers:

Answer 0 (score: 0)

Add a SqlParameter array argument to the Insert function

Public Sub Insert(query As String, msg As String, params As SqlParameter())
    Dim cn As New SqlConnection(cs)   ' cs: connection string defined elsewhere in the module
    Dim cmd As New SqlCommand
    Try
        cn.Open()
        With cmd
            .CommandType = CommandType.Text
            .CommandText = query
            .Connection = cn
            ' The caller supplies the parameters, so the module needs no access to the form's controls
            If params IsNot Nothing AndAlso params.Length > 0 Then
                .Parameters.AddRange(params)
            End If
            .ExecuteNonQuery()
        End With
        MessageBox.Show(msg, 
                        "INSERT", 
                        MessageBoxButtons.OK, 
                        MessageBoxIcon.Information)
    Catch ex As Exception
        MessageBox.Show(ex.Message.ToString, ".  :  :    ERROR    :  :  .",
                       MessageBoxButtons.OK, 
                       MessageBoxIcon.Error)
    Finally
        If cn IsNot Nothing AndAlso cn.State <> ConnectionState.Closed Then
            cn.Close()
            cn = Nothing
        End If
    End Try
End Sub

Then use it like this:

Dim query As String = "INSERT INTO Technician (tec_name, tec_email, rol_id) VALUES (@tech_name, @tech_email, @tech_role)"
Dim msg As String = "Technican Add Correct"
' Parameter names must match the placeholders in the query text
Dim params As SqlParameter() = {New SqlParameter("@tech_name", txt_tech_name.Text),
                                New SqlParameter("@tech_email", txt_tech_email.Text),
                                New SqlParameter("@tech_role", txt_tech_role.SelectedValue.ToString())}

Procedures.Insert(query, msg, params)

Using a SqlParameter array lets you use the same function with parameter types other than String.
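The same idea carried one step further, as an added example that is not part of the question or either answer: the form passes plain values into the module, the module builds the command with explicitly typed parameters, and the SQL text never contains user input. The control names, the `Procedures` module name and the connection string `cs` are assumptions taken from the question; the `Technician` table layout is the one the question uses.

```vbnet
' Added example, not the asker's or answerers' code. Assumes a form with
' txt_tech_name, txt_tech_email and cbo_tech_role, as in the question.
Imports System.Data
Imports System.Data.SqlClient
Imports System.Windows.Forms

Module Procedures

    ' Assumed connection string; the question refers to it only as cs.
    Private Const cs As String = "Server=(local);Database=AppDb;Integrated Security=true"

    ' Builds the INSERT with typed parameters. The values are sent to the server
    ' separately from the SQL text, so a name such as O'Brien, which would break
    ' the concatenated version, arrives intact and is only ever treated as data.
    Public Function BuildInsertCommand(name As String, email As String, roleId As Integer) As SqlCommand
        Dim cmd As New SqlCommand(
            "INSERT INTO Technician (tec_name, tec_email, rol_id) VALUES (@tech_name, @tech_email, @tech_role)")
        ' Explicit types and lengths: an over-long or wrongly typed value fails
        ' here, before the statement runs, and rol_id is an Integer, not a String.
        cmd.Parameters.Add("@tech_name", SqlDbType.NVarChar, 100).Value = name
        cmd.Parameters.Add("@tech_email", SqlDbType.NVarChar, 255).Value = email
        cmd.Parameters.Add("@tech_role", SqlDbType.Int).Value = roleId
        Return cmd
    End Function

    ' Executes a prepared command. The form passes values, not control references,
    ' so this module stays independent of the UI, which is what the question asks for.
    Public Sub Insert(cmd As SqlCommand, msg As String)
        Using cn As New SqlConnection(cs)
            cmd.Connection = cn
            cn.Open()
            cmd.ExecuteNonQuery()
        End Using
        MessageBox.Show(msg, "INSERT", MessageBoxButtons.OK, MessageBoxIcon.Information)
    End Sub

    ' Call site on the form (the combo box value is converted once, at the edge):
    '   Procedures.Insert(
    '       Procedures.BuildInsertCommand(txt_tech_name.Text, txt_tech_email.Text,
    '                                     CInt(cbo_tech_role.SelectedValue)),
    '       "Technician added")

End Module
```

Converting the role to an Integer before it reaches the module means a non-numeric selection is rejected by `CInt` on the form rather than by the database, and the `Using` block closes the connection even when `ExecuteNonQuery` throws.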

Answer 1 (score: 0)

You can do it like this... it works for me.

        Dim query As String = "INSERT INTO Technician(tec_name, tec_email, rol_id) VALUES(@tech_name, @tech_email, @tech_role)"
        ' Names without the @ prefix; SaveUpdateDelete adds it
        params = {"tech_name", "tech_email", "tech_role"}
        values = {txt_tech_name.Text, txt_tech_email.Text, txt_tech_role.SelectedValue.ToString()}

        SaveUpdateDelete(query, params, values)

In the module, you can put this:

    Public params() As String
    Public values() As String
    ' con is a module-level MySqlConnection that is constructed elsewhere

    Public Sub SaveUpdateDelete(ByVal sql As String, ByVal parameters() As String, ByVal Values() As String)
      If con.State = ConnectionState.Open Then
          con.Close()
      End If
      con.Open()
      Dim command As New MySqlCommand(sql, con)

      ' Each name gets the @ prefix so it matches the placeholder in the query
      For i = 0 To parameters.Length - 1
          command.Parameters.AddWithValue("@" & parameters(i), Values(i))
      Next
      command.ExecuteNonQuery()

      con.Close()
    End Sub

The SaveUpdateDelete method works for adding, updating and deleting data.. your code will only differ in the query... "insert, update, delete"