数据未插入数据库
data is not inserted to database
我尝试使用此代码将数据插入数据库
Public Sub AddUser()
Dim con As dbConn = New dbConn()
Dim SqlSelect As String
SqlSelect = "SELECT * FROM login Where user_id='" & WorkerID_.Text & "'"
Dim cmd As New OleDbCommand(SqlSelect, con.oleconnection)
Dim reader As OleDbDataReader
Dim da As New OleDbDataAdapter
con.open()
reader = cmd.ExecuteReader()
reader.Read()
If reader.HasRows() Then
reader.Close()
con.close()
FailureText.Text = "User ID already exists!"
Else
reader.Close()
con.close()
Dim InsertSQL As String
InsertSQL = "INSERT INTO login (user_id, user_role, user_password, user_status) VALUES "
InsertSQL &= "('" & WorkerID_.Text & "', "
InsertSQL &= "'Worker', "
InsertSQL &= "'12345', 1)"
Dim SqlUpdate As String
SqlUpdate = "INSERT INTO Worker (ID, WorkerID, WorkerName, DoB, Address, Phone, Email, CompanyName, PassportNum, PassportExp, VisaExp, VisaStatus, user_id) VALUES (default,"
SqlUpdate &= "'" & WorkerID_.Text & "', "
SqlUpdate &= "'" & WorkerName.Text & "', "
SqlUpdate &= "'" & DoB.Text & "', "
SqlUpdate &= "'" & Address.Text & "', "
SqlUpdate &= "'" & Phone.Text & "', "
SqlUpdate &= "'" & Email.Text & "', "
SqlUpdate &= "'" & Company.SelectedValue & "', "
SqlUpdate &= "'" & PassNum.Text & "', "
SqlUpdate &= "'" & PassExp.Text & "', "
SqlUpdate &= "'" & VisaExp.Text & "', "
SqlUpdate &= "'No Visa', "
SqlUpdate &= "'" & WorkerID_.Text & "') "
Dim insertCommand As New OleDbCommand(SqlUpdate, con.oleconnection)
Dim cmd1 As New OleDbCommand(InsertSQL, con.oleconnection)
Try
con.open()
cmd1.ExecuteNonQuery()
insertCommand.ExecuteNonQuery()
Catch
FailureText.Text = "Unable to add user"
Finally
con.close()
End Try
End If
Response.Redirect("Workers.aspx")
End Sub
Insert into login 部分正在运行。数据插入良好。但对于 insert into worker 部分不起作用。数据未插入 table。该程序没有显示错误,它仍然可以工作。这可能有什么问题?
您似乎有 12 个参数要插入,并且在插入查询的 VALUES 部分有 13 个参数。在下面的值部分中看到的默认值是有意的吗?
INSERT INTO Worker (ID, ... VisaStatus) VALUES (default,"
确保您定义和添加的参数数量正确,然后告诉我们,但我可能遗漏了其他内容。
阅读 OleDb 上的另一个答案 I just answered on another post。您也会对 sql-injection 敞开心扉。参数化查询。通过连接字符串来构建一个命令,如果一个值在文本条目中有一个 single-quote 会怎么样。你现在被冲洗干净了。如果有人发出恶意 SQL 命令然后删除您的记录或整个 table(s) 怎么办。学习参数化您的查询并清理值,尤其是来自 Web 界面时。
您的命令可能应该更新为
Dim con As dbConn = New dbConn()
Dim SqlSelect As String
SqlSelect = "SELECT * FROM login Where user_id= @parmUserID"
Dim cmd As New OleDbCommand(SqlSelect, con.oleconnection)
cmd.Parameters.AddWithValue( "parmUserID", WorkerID_.Text )
Follow-suit 使用插入和更新命令...参数化它们,但在您的命令中使用 @variable place-holders。
Dim InsertSQL As String
InsertSQL = "INSERT INTO login (user_id, user_role, user_password, user_status) "
InsertSQL &= " VALUES ( @parmUser, @parmRole, @parmPwd, @parmStatus )"
Dim cmdInsert As New OleDbCommand(InsertSQL, con.oleconnection)
cmdInsert.Parameters.AddWithValue( "parmUser", WorkerID_.Text )
cmdInsert.Parameters.AddWithValue( "parmRole", "Worker" )
cmdInsert.Parameters.AddWithValue( "parmPwd", "12345" )
cmdInsert.Parameters.AddWithValue( "parmStatus", 1 )
Dim SqlUpdate As String
SqlUpdate = "INSERT INTO Worker (ID, WorkerID, WorkerName, DoB, Address, Phone, Email, CompanyName, PassportNum, PassportExp, VisaExp, VisaStatus, user_id) "
SqlUpdate &= " VALUES ( @parmID, @parmName, @parmDoB, etc... ) "
Dim cmdUpdate As New OleDbCommand(SqlUpdate, con.oleconnection)
cmdUpdate.Parameters.AddWithValue( "parmID", WorkerID_.Text )
cmdUpdate.Parameters.AddWithValue( "parmName", WorkerName.Text )
cmdUpdate.Parameters.AddWithValue( "parmDoB", DoB.Text )
-- etc with the rest of the parameters.
最后的说明。确保您尝试插入或更新的数据类型与 table 中预期的类型相同。这样的例子就是您的 "Birth Date" (DoB) 字段。如果您尝试插入简单文本,并且它不是 auto-converted 格式,则 SQL-Insert 可能会阻塞并失败。如果您有一个绑定到 DateTime 类型的文本框,那么您的参数可能是 Dob.SelectedDate(例如日历控件),或者您可以 pre-convert 从文本到日期时间,然后使用 THAT 作为您的参数值.
其他数值,也一样保留,直接申请插入。您还可以确定 AddWithValue() 调用参数应表示的数据类型(字符串、整数、双精度、日期时间等)
我尝试使用此代码将数据插入数据库
Public Sub AddUser()
Dim con As dbConn = New dbConn()
Dim SqlSelect As String
SqlSelect = "SELECT * FROM login Where user_id='" & WorkerID_.Text & "'"
Dim cmd As New OleDbCommand(SqlSelect, con.oleconnection)
Dim reader As OleDbDataReader
Dim da As New OleDbDataAdapter
con.open()
reader = cmd.ExecuteReader()
reader.Read()
If reader.HasRows() Then
reader.Close()
con.close()
FailureText.Text = "User ID already exists!"
Else
reader.Close()
con.close()
Dim InsertSQL As String
InsertSQL = "INSERT INTO login (user_id, user_role, user_password, user_status) VALUES "
InsertSQL &= "('" & WorkerID_.Text & "', "
InsertSQL &= "'Worker', "
InsertSQL &= "'12345', 1)"
Dim SqlUpdate As String
SqlUpdate = "INSERT INTO Worker (ID, WorkerID, WorkerName, DoB, Address, Phone, Email, CompanyName, PassportNum, PassportExp, VisaExp, VisaStatus, user_id) VALUES (default,"
SqlUpdate &= "'" & WorkerID_.Text & "', "
SqlUpdate &= "'" & WorkerName.Text & "', "
SqlUpdate &= "'" & DoB.Text & "', "
SqlUpdate &= "'" & Address.Text & "', "
SqlUpdate &= "'" & Phone.Text & "', "
SqlUpdate &= "'" & Email.Text & "', "
SqlUpdate &= "'" & Company.SelectedValue & "', "
SqlUpdate &= "'" & PassNum.Text & "', "
SqlUpdate &= "'" & PassExp.Text & "', "
SqlUpdate &= "'" & VisaExp.Text & "', "
SqlUpdate &= "'No Visa', "
SqlUpdate &= "'" & WorkerID_.Text & "') "
Dim insertCommand As New OleDbCommand(SqlUpdate, con.oleconnection)
Dim cmd1 As New OleDbCommand(InsertSQL, con.oleconnection)
Try
con.open()
cmd1.ExecuteNonQuery()
insertCommand.ExecuteNonQuery()
Catch
FailureText.Text = "Unable to add user"
Finally
con.close()
End Try
End If
Response.Redirect("Workers.aspx")
End Sub
Insert into login 部分正在运行。数据插入良好。但对于 insert into worker 部分不起作用。数据未插入 table。该程序没有显示错误,它仍然可以工作。这可能有什么问题?
您似乎有 12 个参数要插入,并且在插入查询的 VALUES 部分有 13 个参数。在下面的值部分中看到的默认值是有意的吗?
INSERT INTO Worker (ID, ... VisaStatus) VALUES (default,"
确保您定义和添加的参数数量正确,然后告诉我们,但我可能遗漏了其他内容。
阅读 OleDb 上的另一个答案 I just answered on another post。您也会对 sql-injection 敞开心扉。参数化查询。通过连接字符串来构建一个命令,如果一个值在文本条目中有一个 single-quote 会怎么样。你现在被冲洗干净了。如果有人发出恶意 SQL 命令然后删除您的记录或整个 table(s) 怎么办。学习参数化您的查询并清理值,尤其是来自 Web 界面时。
您的命令可能应该更新为
Dim con As dbConn = New dbConn()
Dim SqlSelect As String
SqlSelect = "SELECT * FROM login Where user_id= @parmUserID"
Dim cmd As New OleDbCommand(SqlSelect, con.oleconnection)
cmd.Parameters.AddWithValue( "parmUserID", WorkerID_.Text )
Follow-suit 使用插入和更新命令...参数化它们,但在您的命令中使用 @variable place-holders。
Dim InsertSQL As String
InsertSQL = "INSERT INTO login (user_id, user_role, user_password, user_status) "
InsertSQL &= " VALUES ( @parmUser, @parmRole, @parmPwd, @parmStatus )"
Dim cmdInsert As New OleDbCommand(InsertSQL, con.oleconnection)
cmdInsert.Parameters.AddWithValue( "parmUser", WorkerID_.Text )
cmdInsert.Parameters.AddWithValue( "parmRole", "Worker" )
cmdInsert.Parameters.AddWithValue( "parmPwd", "12345" )
cmdInsert.Parameters.AddWithValue( "parmStatus", 1 )
Dim SqlUpdate As String
SqlUpdate = "INSERT INTO Worker (ID, WorkerID, WorkerName, DoB, Address, Phone, Email, CompanyName, PassportNum, PassportExp, VisaExp, VisaStatus, user_id) "
SqlUpdate &= " VALUES ( @parmID, @parmName, @parmDoB, etc... ) "
Dim cmdUpdate As New OleDbCommand(SqlUpdate, con.oleconnection)
cmdUpdate.Parameters.AddWithValue( "parmID", WorkerID_.Text )
cmdUpdate.Parameters.AddWithValue( "parmName", WorkerName.Text )
cmdUpdate.Parameters.AddWithValue( "parmDoB", DoB.Text )
-- etc with the rest of the parameters.
最后的说明。确保您尝试插入或更新的数据类型与 table 中预期的类型相同。这样的例子就是您的 "Birth Date" (DoB) 字段。如果您尝试插入简单文本,并且它不是 auto-converted 格式,则 SQL-Insert 可能会阻塞并失败。如果您有一个绑定到 DateTime 类型的文本框,那么您的参数可能是 Dob.SelectedDate(例如日历控件),或者您可以 pre-convert 从文本到日期时间,然后使用 THAT 作为您的参数值.
其他数值,也一样保留,直接申请插入。您还可以确定 AddWithValue() 调用参数应表示的数据类型(字符串、整数、双精度、日期时间等)