gpt4 book ai didi

mysql - 是什么导致我的 UPDATE 语句不起作用?

转载 作者:可可西里 更新时间:2023-11-01 08:06:45 24 4
gpt4 key购买 nike

大家晚上好

我正在使用以下内容尝试更新我的 MySQL 数据库中的记录,但记录没有更新,我也没有捕获到任何异常。非常感谢您的帮助:

dbConn = New MySqlConnection("Server=" & FormLogin.ComboBoxServerIP.SelectedItem & ";Port=3306;Uid=trojan;Password=horse;Database=accounting")
Try
If dbConn.State = ConnectionState.Open Then
dbConn.Close()
Else
Try
dbConn.Open()
Dim dbAdapter As New MySqlDataAdapter("UPDATE customer " & _
"SET accountNumber= '" & TextBoxAccount.Text & "', nameLAST='" & TextBoxLastName.Text & "', nameFIRST='" & TextBoxFirstName.Text & "'" & _
"nameSALUTATION='" & ComboBoxSalutation.SelectedItem & "', nameCOMPANY='" & TextBoxCompanyName.Text & "', addressSTREET='" & TextBoxAddress1.Text & "'" & _
"addressSTREET1='" & TextBoxAddress2.Text & "', addressCITY='" & TextBoxCity.Text & "', addressSTATE='" & ComboBoxState.SelectedItem & "'" & _
"addressZIPCODE='" & MaskedTextBoxZip.Text & "', phone='" & MaskedTextBoxPhone.Text & "', fax='" & MaskedTextBoxFax.Text & "', email='" & TextBoxEmail.Text & "'" & _
"WHERE accountNumber='" & TextBoxAccount.Text & "';", dbConn)
Catch ex As Exception
MessageBox.Show("A DATABASE ERROR HAS OCCURED" & vbCrLf & vbCrLf & ex.Message & vbCrLf & _
vbCrLf + "Please report this to the IT/Systems Helpdesk at Ext 131.")
End Try
MessageBox.Show("Customer account SUCCESSFULLY updated!")
Call lockForm()
End If
Catch ex As Exception
MessageBox.Show("A DATABASE ERROR HAS OCCURED" & vbCrLf & vbCrLf & ex.Message & vbCrLf & _
vbCrLf + "Please report this to the IT/Systems Helpdesk at Ext 131.")
End Try
Call lockForm()
dbConn.Close()

最佳答案

使用 MySQLCommand 而不是 MySQLDataAdapter。您正在破坏使用 ADONet 的目的,因为您的代码仍然容易受到 sql 注入(inject)的攻击。使其参数化。以下是您的代码中的修改代码。它使用 Using-End Using 来正确处理对象处置。

Dim ConnectionString As String ="Server=" & FormLogin.ComboBoxServerIP.SelectedItem & ";Port=3306;Uid=trojan;Password=horse;Database=accounting"
Dim iQuery As String = "UPDATE customer " & _
"SET accountNumber = @accountNumber, nameLAST = @nameLAST, nameFIRST = @nameFIRST, " & _
" nameSALUTATION = @nameSALUTATION, nameCOMPANY = @nameCOMPANY, addressSTREET = @addressSTREET, " & _
" addressSTREET1 = @addressSTREET1, addressCITY = @addressCITY, addressSTATE = @addressSTATE, " & _
" addressZIPCODE = @addressZIPCODE, phone = @phone, fax = @fax, email = @email " & _
"WHERE accountNumber = @accountNumber"

Using dbConn As New MySqlConnection(ConnectionString)
Using dbComm As New MySQLCommand()
With dbComm
.Connection = dbConn
.CommandType = CommandType.Text
.CommandText = iQuery
.Parameters.AddWithValue("@accountNumber", TextBoxAccount.Text )
.Parameters.AddWithValue("@nameLAST", TextBoxLastName.Text)
.Parameters.AddWithValue("@nameFIRST", TextBoxFirstName.Text)
.Parameters.AddWithValue("@nameSALUTATION", ComboBoxSalutation.SelectedItem)
.Parameters.AddWithValue("@nameCOMPANY", TextBoxCompanyName.Text)
.Parameters.AddWithValue("@addressSTREET", TextBoxAddress1.Text)
.Parameters.AddWithValue("@addressSTREET1", TextBoxAddress2.Text)
.Parameters.AddWithValue("@addressCITY", TextBoxCity.Text)
.Parameters.AddWithValue("@addressSTATE", ComboBoxState.SelectedItem)
.Parameters.AddWithValue("@addressZIPCODE", MaskedTextBoxZip.Text)
.Parameters.AddWithValue("@phone", MaskedTextBoxPhone.Text)
.Parameters.AddWithValue("@fax", MaskedTextBoxFax.Text)
.Parameters.AddWithValue("@email", TextBoxEmail.Text)
End With
Try
dbConn.Open
dbComm.ExecuteNonQuery()

MessageBox.Show("Customer account SUCCESSFULLY updated!")
Call lockForm()
Catch( ex as MySQLException)
MessageBox.Show("A DATABASE ERROR HAS OCCURED" & vbCrLf & vbCrLf & ex.Message & vbCrLf & _
vbCrLf + "Please report this to the IT/Systems Helpdesk at Ext 131.")
Finally
dbConn.Close()
End Try
End Using
End Using

关于mysql - 是什么导致我的 UPDATE 语句不起作用?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12415682/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com