如何使用 vb.net 将文本框值插入到 sql server 2012 数据库
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28168859/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to insert textbox values to sql server 2012 database using vb.net
提问by user3675298
i have a problem with my connection to database dont know where the exact problem is.i have to insert values of textbox to the sql server database. here is my code:
我与数据库的连接有问题,不知道确切的问题出在哪里。我必须将文本框的值插入到 sql server 数据库中。这是我的代码:
Imports System.Data
Imports System.Data.SqlClient
Public Class lbluog
Dim myconnection As SqlConnection
Dim mycommand As SqlCommand
Dim dr As SqlDataReader
Dim dr1 As SqlDataReader
Dim ra As Integer
Private Sub btnadddata_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnadddata.Click
myconnection = New SqlConnection("server=TAHIR-PC;database=myDataBase")
'you need to provide password for sql server
myconnection.Open()
mycommand = New SqlCommand("insert into tblstudentrecords([fname],[lname],[fathername],[phoneno],[address]) values ('" & txtfname.Text & "','" & txtlname.Text & "','" & txtfathername.Text & "','" & txtphoneno.Text & "','" & txtaddress.Text & "')", myconnection)
mycommand.ExecuteNonQuery()
MessageBox.Show("New Row Inserted" & ra)
myconnection.Close()
End Sub
End Class
kindly anyone help me out advance in thanx
请有人帮我提前thanx
回答by b.pell
I used your variables names mostly but cleaned up the code a little. First I declared the SqlConnection and SqlCommand with using blocks so that they will be Disposed of properly when they're finished. Second, I altered your SQL command and parameterized it. This will help you avoid SQL injection exploits. I used short form "AddWithValue" because I didn't specifically know the datatypes to declare them as they are in your database (this way should work).
我主要使用您的变量名称,但稍微清理了代码。首先,我使用 using 块声明了 SqlConnection 和 SqlCommand,以便它们在完成后被正确处理。其次,我更改了您的 SQL 命令并对其进行了参数化。这将帮助您避免 SQL 注入漏洞。我使用了简短的形式“AddWithValue”,因为我不知道在数据库中声明它们的数据类型(这种方式应该有效)。
Private Sub btnadddata_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnadddata.Click
' Assumes your login account has permissions to the database
Using myconnection As SqlConnection = New SqlConnection("server=TAHIR-PC;database=myDataBase;trusted_connection=yes;")
myconnection.Open()
Using mycommand As SqlCommand = myconnection.CreateCommand
' Setup the SQL command with parameters. Parameters protect from SQL injection exploits (and make your SQL easier to read/manage).
mycommand.CommandText = "insert into tblstudentrecords([fname],[lname],[fathername],[phoneno],[address]) values (@fname, @lname, @farthername, @phoneno, @address)"
mycommand.Parameters.AddWithValue("@fname", txtfname.Text)
mycommand.Parameters.AddWithValue("@lname", txtlname.Text)
mycommand.Parameters.AddWithValue("@fathername", txtfathername.Text)
mycommand.Parameters.AddWithValue("@phoneno", txtphoneno.Text)
mycommand.Parameters.AddWithValue("@address", txtaddress.Text)
Dim rowsAffected As Integer = mycommand.ExecuteNonQuery()
' This would be one always in this case unless the statement failed
MessageBox.Show("Rows inserted: " & rowsAffected)
End Using
myconnection.Close()
End Using
End Sub
If you're having a connection issue you should post the specific Exception text (or any other Exception text you're receiving).
如果您遇到连接问题,您应该发布特定的异常文本(或您收到的任何其他异常文本)。
