在vb中插入数据库不起作用

时间:2016-03-08 15:40:56

标签: vb.net sql-server-2008

每当我尝试注册用户名时,我都会得到以下代码片段。即使对于数据库中不存在的用户名,似乎也会执行。不知道哪里出错了,任何帮助都将不胜感激。

'Connecting to SQL Database and executing Query------------------------------------------
' Registration snippet as posted in the question: builds an INSERT for reg_info from the
' form's text boxes, hands it to a SqlDataAdapter, and reports the outcome with MsgBox.
Dim Strconn As String = "Data Source=.\SQLEXPRESS; Database=QuizDB; Integrated Security = true"
' SECURITY: every value below comes straight from a text box and is concatenated into the SQL
' text, so a quote character in any field changes the statement (SQL injection). Bind the
' values as SqlParameter objects instead of building the string.
' SECURITY: con_pass.Text is written to the pass column exactly as typed; store a salted,
' slow password hash rather than the password itself.
Dim Strcmd As String = "INSERT INTO reg_info(uname,pass,fname,lname,dob,course,college) VALUES ('" & user_name.Text & "','" & con_pass.Text & "', '" & first_name.Text & "', '" & last_name.Text & "', '" & dob.Text & "', '" & course.Text & "', '" & college.Text & "');"
Dim da As New SqlDataAdapter
Dim ds As New DataSet
Dim sqlcmd As SqlCommand
' sqlconn is not declared in this snippet - presumably a field declared elsewhere in the form.
sqlconn = New SqlConnection(Strconn)
Try
    sqlconn.Open()
Catch ex As Exception
    MsgBox("Could not connect to DataBase. Application will close now!", vbCritical, "Database Error")
    ' End terminates the whole application when the connection cannot be opened.
    End
End Try
sqlcmd = New SqlCommand(Strcmd, sqlconn)
' The INSERT is attached as the adapter's SelectCommand, so it only runs later, inside da.Fill(ds).
da.SelectCommand = sqlcmd
' NOTE(review): the command is disposed and the connection closed here, before da.Fill uses
' them. For an INSERT the usual call is sqlcmd.ExecuteNonQuery() while the connection is open.
sqlcmd.Dispose()
sqlconn.Close()

'Exception Handling-----------------------

Dim exc As Exception = Nothing
Try
    da.Fill(ds)
Catch ex As Exception
    ' The exception is kept only as a success/failure flag; its type and message are never inspected.
    exc = ex
Finally
    ' Any exception raised by Fill - not just a duplicate key - ends up in the "already exists"
    ' branch, so connection, syntax and conversion errors are all shown as a taken user name.
    If Not (exc) Is Nothing Then
        MsgBox("User Name Already Exist. Please select a different User Name!", vbExclamation, "Already Exist")
        user_name.Focus()
    Else
        MsgBox("Registration Successful.", vbInformation, "Successful")
        Me.Close()
        Login.Show()
    End If
End Try

1 个答案:

答案 0 :(得分:0)

以下是代码的重构,并提供了一些有用的指导。我认为这会编译,但如果没有,那么你可以做一些功课来弄清楚缺少什么。

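Try
    ' Registers a new user by inserting one row into reg_info.
    ' The Using blocks dispose the connection and command (closing the connection) when the
    ' block exits, whether it exits normally or through an exception.
    Using sqlconn As New SqlConnection("Data Source=.\SQLEXPRESS; Database=QuizDB; Integrated Security = true")
        Using sqlcmd As SqlCommand = sqlconn.CreateCommand()
            With sqlcmd
                .CommandType = CommandType.Text

                ' Parameterized query: the text-box values travel as data, never as SQL text,
                ' which is what protects this statement against SQL injection.
                .CommandText = "INSERT INTO reg_info(uname,pass,fname,lname,dob,course,college) VALUES (@username, @password, @firstname, @lastname, @dob, @course, @college)"
                With .Parameters
                    .Clear()
                    .AddWithValue("@username", user_name.Text)
                    ' SECURITY NOTE(review): this stores the password exactly as typed. Replace
                    ' con_pass.Text with a salted, slow password hash (for example PBKDF2 via
                    ' Rfc2898DeriveBytes) and compare hashes at login.
                    .AddWithValue("@password", con_pass.Text)
                    .AddWithValue("@firstname", first_name.Text)
                    .AddWithValue("@lastname", last_name.Text)
                    ' NOTE(review): dob is sent as text; if the column is a date type, parse and
                    ' validate it first rather than relying on the server's implicit conversion.
                    .AddWithValue("@dob", dob.Text)
                    .AddWithValue("@course", course.Text)
                    .AddWithValue("@college", college.Text)
                End With

                ' The connection must be open before the command runs; without this call the
                ' command throws InvalidOperationException on every attempt.
                sqlconn.Open()

                ' ExecuteNonQuery is the call for statements that return no result set (INSERT).
                .ExecuteNonQuery()
            End With
        End Using
    End Using
    MsgBox("Registration successful")

Catch ex As SqlException When ex.Number = 2627 OrElse ex.Number = 2601
    ' 2627 = PRIMARY KEY / UNIQUE constraint violation, 2601 = duplicate key in a unique index.
    ' Assumes reg_info.uname carries such a constraint - confirm against the table definition;
    ' without one, duplicate user names are inserted silently and this branch never runs.
    MsgBox("User name already exists.  Error from database is " & ex.Message)

Catch ex As Exception
    ' Every other failure (connection, permissions, conversion) is reported as what it is,
    ' instead of being mislabelled as a duplicate user name.
    MsgBox("Registration failed.  Error is " & ex.Message)

End Try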