我试图从文本框中取出vales(逗号分隔)并将它们传递给ExecuteSQL语句中的查询字符串。我不确定如何正确地做到这一点。显而易见的问题是,如果存在多于或少于三个例外,它将会中断。我需要使用数组或列表,但不知道如何将其读回查询字符串?
这是我到目前为止所做的:
Private Sub Button5_Click(sender As System.Object, e As System.EventArgs) Handles Button5.Click
Dim db As New Database
If txtEmpExceptions.Text.ToString() IsNot Nothing Then
Dim EmpExcept1 As String = txtEmpExceptions.Text.ToString().Split(",")(0)
Dim EmpExcept2 As String = txtEmpExceptions.Text.ToString().Split(",")(1)
Dim EmpExcept3 As String = txtEmpExceptions.Text.ToString().Split(",")(2)
db.ExecuteSQL("Delete dbo.Employee where employeeID <> '" & EmpExcept1 & "' and employeeID <> '" & EmpExcept2 & "' and employeeID <> " & EmpExcept3, prodString)
Else
db.ExecuteSQL("Delete dbo.Employee", prodString)
End If
End Sub
答案 0 :(得分:2)
要检查你是否拥有所有输入,你可以先拆分,然后测试string.Split生成的数组中元素的数量
Private Sub Button5_Click(sender As System.Object, e As System.EventArgs) Handles Button5.Click
Dim db As New Database
Dim parts = txtEmpExceptions.Text.Split(",")
If parts.Length <> 3 Then
MessageBox.Show("Text must be splitted in 3 substrings")
return
End If
Dim EmpExcept1 As String = parts(0)
Dim EmpExcept2 As String = parts(1)
Dim EmpExcept3 As String = parts(2)
....
请注意,TextBox.Text永远不会是Nothing。你可以删除那张支票 (并没有严格地与你的问题相关,但正如我在评论中所说,你真的应该尝试使用不同的数据库查询方法来避免不惜一切代价串联)
答案 1 :(得分:0)
这应该在您的体验级别和防止SQL注入之间提供良好的平衡:
Dim empIds As String = "bob, sally, fred" 'This would come from your textbox
Dim emps() As String = empIds.Split(",")
Dim qry As String = "DELETE FROM dbo.Employee WHERE "
Dim whereClause As String = " employeeID <> @param{0} AND "
For i As Integer = 0 To emps.Length - 1
'Add "employeeID <> .. for as many ids as were parsed
qry = String.Concat(qry, String.Format(whereClause, i))
Dim paramName As String = String.Concat("@param", i)
Dim par As new SqlParameter(paramName, SqlDbType.VarChar, 50) 'Assumes your employee ids are text type and max 50 length - adjust accordingly
par.Value = emps(i)
'Now add this parameter to your SqlCommand, I don't know how your db library does that
Next i
'Get rid of the last "AND"
qry = qry.Remove(qry.Length - 4)
'Now set the CommandText of your SqlCommand to qry
'Then execute the command
答案 2 :(得分:0)
在sql中,您可以创建表类型 - 这是我的一个数据库中的示例。根据需要进行修改。
CREATE TYPE [dbo].[AddSample_Type] AS TABLE(
[JobID] [int] NOT NULL,
[SampleDescription] [nvarchar](1000) NOT NULL,
[Notes] [nvarchar](1000) NULL,
[SampleName] [nvarchar](200) NULL,
[StorageLocationID] [int] NULL,
[StorageDispositionID] [int] NULL,
[StorageNotes] [nvarchar](1000) NULL,
[EmployeeID] [int] NULL,
[CheckedOutToEmployee] [bit] NULL
)
GO
您可以创建一个接受此表作为输入的过程。毕竟,使用sql中的行和表更容易,更有效。
CREATE PROCEDURE [dbo].[AddMultipleSamplesToJob]
@SamplesToAdd AddSample_Type Readonly
AS
BEGIN
select JobID,SampleDescription,Notes,SampleName,StorageLocationID,
StorageDispositionID,StorageNotes,EmployeeID,CheckedOutToEmployee, 0 as SampleNumber
from @SamplesToAdd
END
现在,您可以从VB向存储过程发送一个完整行的表。
Dim addSamplesTable As New EPI_JobBookDataSet.AddMultipleSamplesToJobDataTable
Dim AddSamplesAdapter As New EPI_JobBookDataSetTableAdapters.AddMultipleSamplesToJobTableAdapter
'Datatable to be sent in the procedure
Dim TablesamplesToAdd As New EPI_JobBookDataSet.TableType_AddSampleTable
'Make a new row and load it with data
Dim newSampleRow As EPI_JobBookDataSet.TableType_AddSampleRow = TablesamplesToAdd.Rows.Add()
newSampleRow.CheckedOutToEmployee = StorageActivityEntryTool1.WithEmployee
newSampleRow.EmployeeID = StorageActivityEntryTool1.EmployeeID
newSampleRow.JobID = JobID
newSampleRow.Notes = r.Cells(ColumnNotes.Index).Value
newSampleRow.SampleDescription = r.Cells(ColumnDescription.Index).Value
newSampleRow.SampleName = r.Cells(ColumnSampleName.Index).Value
newSampleRow.StorageDispositionID = StorageActivityEntryTool1.DispositionID
newSampleRow.StorageLocationID = StorageActivityEntryTool1.LocationID
newSampleRow.StorageNotes = "Some notes"
'Add more rows if desired
'
'Send the query
AddSamplesAdapter.Fill(addSamplesTable, TablesamplesToAdd)
我希望你觉得这很有用。当我从我的代码中复制它时,请忽略我的行内部的引用,并且懒得为此示例更改这些特定值。