从字符串 "The INSERT INTO statement contai" 到类型 'Boolean' 的转换无效
Conversion from string "The INSERT INTO statement contai" to type 'Boolean' is not valid
我正在 MSVStudio 中创建注册表单,但总是出现错误。我已经将每个变量设置为它们自己的数据类型,但同样的错误提示给我。
"Conversion from string "包含“键入 'Boolean' 的 INSERT INTO 语句无效。”
这是我在 class
中的函数
Function registercust(ByVal a As String, ByVal b As String, ByVal c As String, ByVal d As String, ByVal f As String, ByVal g As String, ByVal h As DateTime, ByVal i As String, ByVal j As String)
Dim conn As New OleDb.OleDbConnection
Dim dr As OleDb.OleDbDataReader
Dim rs As New OleDb.OleDbCommand
Try
conn.ConnectionString = cs
conn.Open()
query = "Insert into custinfo (`custid`,`lastname`,`firstname`,`mi`,`address`,`telephone`,`birthday`,`age`,`status`) values('" & a & "','" & b & "','" & c & "','" & d & "','" & f & "','" & g & "','" & h & "','" & i & "','" & j & "')"
rs = New OleDb.OleDbCommand(query, conn)
dr = rs.ExecuteReader
If dr.Read Then
Return True
Else
Return False
End If
Catch ex As Exception
Return ex.Message
End Try
conn.Close()
End Function
这是我的代码哟我的按钮
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
If class1.chkfieldss(TextBox14.Text, TextBox1.Text, _
TextBox8.Text, TextBox9.Text, _
TextBox10.Text, TextBox11.Text, TextBox12.Text) = False Then
If class1.registercust(TextBox14.Text, TextBox1.Text, TextBox8.Text, TextBox9.Text, TextBox10.Text, _
TextBox11.Text, DateTimePicker1.Value, _
TextBox12.Text, ComboBox3.SelectedItem) = False Then
MessageBox.Show("REGISTER SUCCESSFULLY", "Welcome", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
Else
MessageBox.Show("Something Happen", "Error", MessageBoxButtons.OK, _
MessageBoxIcon.Error)
End If
Else
MessageBox.Show("Complete all fields", "Error", MessageBoxButtons.OK, _
MessageBoxIcon.Error)
End If
End Sub
您的插入语句有误。使用调试方法来识别错误。使用参数化查询总是更好。
这将有助于防止 SQL 注入攻击以及有助于省略连接错误,例如用户输入中的引号 (')
您是关闭 strict compiler option 的另一个受害者。这应该总是。
您尚未为函数 registercust 定义 return 类型。我应该期待布尔值还是字符串?
Function registercust(...) '<- As surprise?
您的查询失败,可能是因为您创建查询的方式太可怕了。 总是 使用prepared statements。函数 returns 错误消息(字符串)"The INSERT INTO statement contai...".
Return ex.Message
现在,回到 Button2_Click 方法,您正在尝试将 returned 值与布尔值进行比较。
If class1.registercust(...) = False Then
这是您的代码中断的地方。您不能将值 "The INSERT INTO statement contai..."(字符串)转换为 False 或 True(布尔值)。
这就是您的函数的外观 - 请参阅代码注释
' you should really pass customer model with properties here instead of all these arguments
Public Class Customer
Public Property CustId As String
Public Property LastName As String
Public Property FirstName As String
Public Property Mi As String
Public Property Address As String
Public Property Telephone As String
Public Property Birthday As String
Public Property Age As String
Public Property Status As String
End Class
. . . . . . . . .
Function RegisterCust(ByVal c As Customer) As Boolean '<-- add returning type
Dim retVal As Boolean
' "Using" helps to dispose of objects that implement IDisposable
' Try to avoid oledb provider altogether for RDBMSs
Using conn As OleDb.OleDbConnection = New OleDb.OleDbConnection(cs) ' pass conn str on creation
' This makes for clean code
Dim query As String = "Insert into custinfo " &
"(custid, lastname, firstname, mi, address, telephone, birthday, age, status) values " &
"('{0}', '{1}', '{2}', '{3}', '{4}', '{5}', '{6}', '{7}', '{8}')"
query = String.Format(query, c.CustId, c.LastName, c.FirstName, c.Mi, c.Address, c.Telephone, c.Birthday, c.Age, c.Status)
' Now, this query above "all good and dandy" but it is vulnerable to sql injection.
' To prevent it, instead of '{1}', you would type something like @1, or if you want, @lastname - a parameter name
' Then, add a parameter with your value to cmd.parameter collection.
Using cmd As OleDb.OleDbCommand = New OleDb.OleDbCommand(query, conn)
conn.Open()
' your query doesn't need reader. You inserting value without returning anything
retVal = cmd.EcecuteNonQuery() > 0 ' Assign return value
End Using ' cmd
conn.Close()
End Using ' conn
return retVal
End Function
我删除了异常处理,因为您没有真正的处理。使用 using 你至少可以确保对象在该方法退出之前关闭。如果你愿意,你可以把这整个东西包装成 try-block
这不是您必须要做的,但它是一种很好的格式
我正在 MSVStudio 中创建注册表单,但总是出现错误。我已经将每个变量设置为它们自己的数据类型,但同样的错误提示给我。 "Conversion from string "包含“键入 'Boolean' 的 INSERT INTO 语句无效。”
这是我在 class
中的函数 Function registercust(ByVal a As String, ByVal b As String, ByVal c As String, ByVal d As String, ByVal f As String, ByVal g As String, ByVal h As DateTime, ByVal i As String, ByVal j As String)
Dim conn As New OleDb.OleDbConnection
Dim dr As OleDb.OleDbDataReader
Dim rs As New OleDb.OleDbCommand
Try
conn.ConnectionString = cs
conn.Open()
query = "Insert into custinfo (`custid`,`lastname`,`firstname`,`mi`,`address`,`telephone`,`birthday`,`age`,`status`) values('" & a & "','" & b & "','" & c & "','" & d & "','" & f & "','" & g & "','" & h & "','" & i & "','" & j & "')"
rs = New OleDb.OleDbCommand(query, conn)
dr = rs.ExecuteReader
If dr.Read Then
Return True
Else
Return False
End If
Catch ex As Exception
Return ex.Message
End Try
conn.Close()
End Function
这是我的代码哟我的按钮
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
If class1.chkfieldss(TextBox14.Text, TextBox1.Text, _
TextBox8.Text, TextBox9.Text, _
TextBox10.Text, TextBox11.Text, TextBox12.Text) = False Then
If class1.registercust(TextBox14.Text, TextBox1.Text, TextBox8.Text, TextBox9.Text, TextBox10.Text, _
TextBox11.Text, DateTimePicker1.Value, _
TextBox12.Text, ComboBox3.SelectedItem) = False Then
MessageBox.Show("REGISTER SUCCESSFULLY", "Welcome", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
Else
MessageBox.Show("Something Happen", "Error", MessageBoxButtons.OK, _
MessageBoxIcon.Error)
End If
Else
MessageBox.Show("Complete all fields", "Error", MessageBoxButtons.OK, _
MessageBoxIcon.Error)
End If
End Sub
您的插入语句有误。使用调试方法来识别错误。使用参数化查询总是更好。
这将有助于防止 SQL 注入攻击以及有助于省略连接错误,例如用户输入中的引号 (')
您是关闭 strict compiler option 的另一个受害者。这应该总是。
您尚未为函数 registercust 定义 return 类型。我应该期待布尔值还是字符串?
Function registercust(...) '<- As surprise?
您的查询失败,可能是因为您创建查询的方式太可怕了。 总是 使用prepared statements。函数 returns 错误消息(字符串)"The INSERT INTO statement contai...".
Return ex.Message
现在,回到 Button2_Click 方法,您正在尝试将 returned 值与布尔值进行比较。
If class1.registercust(...) = False Then
这是您的代码中断的地方。您不能将值 "The INSERT INTO statement contai..."(字符串)转换为 False 或 True(布尔值)。
这就是您的函数的外观 - 请参阅代码注释
' you should really pass customer model with properties here instead of all these arguments
Public Class Customer
Public Property CustId As String
Public Property LastName As String
Public Property FirstName As String
Public Property Mi As String
Public Property Address As String
Public Property Telephone As String
Public Property Birthday As String
Public Property Age As String
Public Property Status As String
End Class
. . . . . . . . .
Function RegisterCust(ByVal c As Customer) As Boolean '<-- add returning type
Dim retVal As Boolean
' "Using" helps to dispose of objects that implement IDisposable
' Try to avoid oledb provider altogether for RDBMSs
Using conn As OleDb.OleDbConnection = New OleDb.OleDbConnection(cs) ' pass conn str on creation
' This makes for clean code
Dim query As String = "Insert into custinfo " &
"(custid, lastname, firstname, mi, address, telephone, birthday, age, status) values " &
"('{0}', '{1}', '{2}', '{3}', '{4}', '{5}', '{6}', '{7}', '{8}')"
query = String.Format(query, c.CustId, c.LastName, c.FirstName, c.Mi, c.Address, c.Telephone, c.Birthday, c.Age, c.Status)
' Now, this query above "all good and dandy" but it is vulnerable to sql injection.
' To prevent it, instead of '{1}', you would type something like @1, or if you want, @lastname - a parameter name
' Then, add a parameter with your value to cmd.parameter collection.
Using cmd As OleDb.OleDbCommand = New OleDb.OleDbCommand(query, conn)
conn.Open()
' your query doesn't need reader. You inserting value without returning anything
retVal = cmd.EcecuteNonQuery() > 0 ' Assign return value
End Using ' cmd
conn.Close()
End Using ' conn
return retVal
End Function
我删除了异常处理,因为您没有真正的处理。使用 using 你至少可以确保对象在该方法退出之前关闭。如果你愿意,你可以把这整个东西包装成 try-block
这不是您必须要做的,但它是一种很好的格式