我想在数据库中插入记录但在插入之前,必须首先检查数据库是否已经存在插入的值。现在我的问题是,即使值仍然不存在,我也无法插入数据库。
这是我的代码:
Dim check As New SqlCommand
Dim sqlcheck As String = "SELECT SerialNumber FROM EquipmentDetail WHERE SerialNumber = '" & TextBox1.Text & "'"
connection.Open()
check.Connection = connection
check.CommandText = sqlcheck
Dim read As SqlDataReader = check.ExecuteReader()
If read.HasRows Then
While read.Read()
If read("SerialNumber").ToString() = TextBox1.Text Then
MessageBox.Show(read("SerialNumber").ToString() & " was already added")
Else
cmd.Connection = connection
cmd.CommandText = "INSERT INTO EquipmentDetail (SerialNumber, BoxNumber, FATTNumber, FaultTicketNumber, Description, ProductCode)" &
"VALUES('" & TextBox1.Text & "', '" & TextBox2.Text & "', '" & TextBox3.Text & "', '" & TextBox4.Text & "', '" & TextBox6.Text & "', '" & ComboBox1.Text & "')"
cmd.ExecuteNonQuery()
MessageBox.Show("Equipment successfully added.", "Equipment", MessageBoxButtons.OK)
TextBox1.Text = ""
TextBox2.Text = ""
TextBox3.Text = ""
TextBox4.Text = ""
TextBox6.Text = ""
TextBox1.Focus()
connection.Close()
End If
End While
End If
read.Close()
答案 0 :(得分:2)
您的代码存在许多问题。
首先,您有一个可以使用参数解决的SQL注入漏洞。
其次,您正在开放式数据加载器中执行数据库活动,这可能会导致许多问题。
第三,您正在执行太多工作来确定序列号是否存在。您可以使用SQL Server Exists语句和SqlCommand的ExecuteScalar方法来返回和测试单个值,这使代码更快更容易理解。
最后,您需要确保丢弃一次性物品,最简单/最好的方法是使用使用块。
可以使用以下代码解决这些问题:
Using connection As New SqlConnection(connStr)
Dim sqlcheck As String = "IF EXISTS(select 1 FROM EquipmentDetail WHERE SerialNumber=@SerialNumber) SELECT 1 ELSE SELECT 0"
Using cmd As New SqlCommand(sqlcheck, connection)
cmd.Parameters.AddWithValue("@SerialNumber", TextBox1.Text)
connection.Open()
If CBool(cmd.ExecuteScalar) Then
MessageBox.Show(TextBox1.Text & " was already added")
Else
Using insertCmd As New SqlCommand
insertCmd.Connection = connection
insertCmd.CommandText = "INSERT INTO EquipmentDetail (SerialNumber, BoxNumber, FATTNumber, FaultTicketNumber, Description, ProductCode)" &
"VALUES(@SerialNumber, @BoxNumber, @FATTNumber, @FaultTicketNumber, @Description, @ProductCode)"
insertCmd.Parameters.AddWithValue("@SerialNumber", TextBox1.Text)
insertCmd.Parameters.AddWithValue("@BoxNumber", TextBox2.Text)
insertCmd.Parameters.AddWithValue("@FATTNumber", TextBox3.Text)
insertCmd.Parameters.AddWithValue("@FaultTicketNumber", TextBox4.Text)
insertCmd.Parameters.AddWithValue("@Description", TextBox6.Text)
insertCmd.Parameters.AddWithValue("@ProductCode", ComboBox1.Text)
insertCmd.ExecuteNonQuery()
MessageBox.Show("Equipment successfully added.", "Equipment", MessageBoxButtons.OK)
TextBox1.Text = ""
TextBox2.Text = ""
TextBox3.Text = ""
TextBox4.Text = ""
TextBox6.Text = ""
TextBox1.Focus()
End Using
End If
End Using
connection.Close()
End Using
答案 1 :(得分:0)
如果db中不存在SerialNumber值,则不会返回任何内容 - 因此永远不会到达包含插入的块。
答案 2 :(得分:0)
首先,您要连接字符串以创建SQL语句。非常危险,请阅读SQL注入和参数化。
问题似乎是因为只有在SerialNumber检查的结果有行时才执行INSERT。但是如果SerialNumber不存在,它将不会做任何事情。您应该尝试修改If语句,如下所示:
If read.HasRows Then
MessageBox.Show(read("SerialNumber").ToString() & " was already added")
Else
cmd.Connection = connection
cmd.CommandText = "INSERT INTO EquipmentDetail (SerialNumber, BoxNumber, FATTNumber, FaultTicketNumber, Description, ProductCode)" &
"VALUES('" & TextBox1.Text & "', '" & TextBox2.Text & "', '" & TextBox3.Text & "', '" & TextBox4.Text & "', '" & TextBox6.Text & "', '" & ComboBox1.Text & "')"
cmd.ExecuteNonQuery()
MessageBox.Show("Equipment successfully added.", "Equipment", MessageBoxButtons.OK)
TextBox1.Text = ""
TextBox2.Text = ""
TextBox3.Text = ""
TextBox4.Text = ""
TextBox6.Text = ""
TextBox1.Focus()
connection.Close()
End If
read.Close()