Null value in access with combobox (vb.net)

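I have a combobox bound to a column in an Access database, and if my combobox value is null I want to put a null value in that column's field in the database. I wrote this code. I know it is wrong, but I can't figure it out.

My value is declared as Integer.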

Dim myConnectionString As SqlConnection = New SqlConnection("Data Source=*****\****;Initial Catalog=****;user=***;password=****")

Dim myCommand As String
Dim cmd As SqlCommand
Dim myvalue As Integer

If IsDBNull(Form1.CBEsp2.SelectedValue) Then
    myvalue = vbNull
Else
    myvalue = Form1.CBEsp2.SelectedValue
End If

MsgBox(Form1.CBEsp2.SelectedValue)

myCommand = "UPDATE DoctorEnterpriseDetails SET " & _
         "RankId = " & Form1.CBSelec.SelectedValue & ", " & _
         "GroupId = " & Form1.CBCateg.SelectedValue & ", " & _
         "PrescribingPotential = " & Form1.CBPP.SelectedValue & ", " & _
         "Observation = '" & Form1.TxtObs2.Text & "', " & _
         "Telephone = '" & Convert_Null(Form1.TxtTelefone.Text, "") & "', " & _
         "Mobile = '" & Convert_Null(Form1.TxtTelem.Text, "") & "', " & _
          "Speciality1 = " & Form1.CBEsp1.SelectedValue & ", " & _
         "Speciality2 = " & myvalue & " " & _
          "WHERE EnterpriseId = 26 AND DoctorId = " & Form1.labelvazia.Text

MsgBox(myCommand)
cmd = New SqlCommand(myCommand, myConnectionString)
cmd.Connection.Open()
cmd.ExecuteNonQuery()

cmd.Connection.Close()

Thanks.

I think you should rewrite your query and use a parameterized approach instead of string concatenation.

' Declared as Object so it can hold either DBNull.Value or the selected key
Dim meuvalor As Object
If IsDBNull(Form1.CBEsp2.SelectedValue) Then
    meuvalor = DBNull.Value
Else
    meuvalor = Form1.CBEsp2.SelectedValue
End If

' The query text contains only placeholders; no UI value is concatenated into it
Dim myCommand = "UPDATE DoctorEnterpriseDetails SET " & _
     "RankId = @RankID, GroupId = @GroupID, " & _
     "PrescribingPotential = @PrescribingPotential, " & _
     "Observation = @Observation, Telephone = @Telephone, " & _
     "Mobile = @Mobile, Speciality1 = @Speciality1, " & _
     "Speciality2 = @Speciality2 " & _
     "WHERE EnterpriseId = 26 AND DoctorId = @DoctorID"

Using conn = New SqlConnection("....")
Using cmd = New SqlCommand(myCommand, conn)
   conn.Open()
   cmd.Parameters.Add("@RankID", SqlDbType.Int).Value = Convert.ToInt32(Form1.CBSelec.SelectedValue)
   cmd.Parameters.Add("@GroupID", SqlDbType.Int).Value = Convert.ToInt32(Form1.CBCateg.SelectedValue)
   cmd.Parameters.Add("@PrescribingPotential", SqlDbType.Int).Value = Convert.ToInt32(Form1.CBPP.SelectedValue)
   cmd.Parameters.Add("@Observation", SqlDbType.NVarChar).Value = Form1.TxtObs2.Text
   ' ... and so on for the other parameters ...
   ' ... the one with the null value will be
   cmd.Parameters.Add("@Speciality2", SqlDbType.Int).Value = meuvalor
   ' ....
   cmd.ExecuteNonQuery()
End Using
End Using

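This is an example of a parameterized query. The values are not concatenated into the query text (which also makes it more readable); they are added to the parameters collection of the SqlCommand, while the query text contains only placeholders (@xxxx). Each parameter should be defined with its correct data type (SqlDbType enumeration) and converted from its UI representation to a VB.NET type before it is added to the collection.
This approach makes your code safer because you don't have to worry about a malicious user typing dangerous text into your textboxes (SQL Injection), and when parameters are specified with their type there is no room for parsing errors on the values (decimal separators, date formats, string quotes, etc.).

For the NULL value you should pass DBNull.Value, which will be correctly translated to the null value you need in your database field.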
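
The NULL handling described above, as an added example that is not code from the question or the answer: two helpers map an empty selection or empty text to DBNull.Value before binding, and the command is only built and printed, never executed. The names ToDbInt, ToDbText and BuildUpdate and the sample values are hypothetical, and a reference to System.Data.SqlClient is assumed.

```vb
Imports System.Data
Imports System.Data.SqlClient

Module NullableParameterExample
    ' Hypothetical helper: "no selection" (Nothing or DBNull) becomes DBNull.Value,
    ' anything else is converted to Integer before it is bound.
    Function ToDbInt(selected As Object) As Object
        If selected Is Nothing OrElse selected Is DBNull.Value Then Return DBNull.Value
        Return Convert.ToInt32(selected)
    End Function

    ' Hypothetical helper: empty text box content is stored as NULL.
    Function ToDbText(value As String) As Object
        If String.IsNullOrWhiteSpace(value) Then Return DBNull.Value
        Return value
    End Function

    ' Builds the command only; the caller assigns the connection and executes it.
    Function BuildUpdate(speciality1 As Object, speciality2 As Object,
                         observation As String, doctorIdText As String) As SqlCommand
        Dim doctorId As Integer
        If Not Integer.TryParse(doctorIdText, doctorId) Then
            Throw New ArgumentException("DoctorId must be an integer.")
        End If

        Dim cmd As New SqlCommand(
            "UPDATE DoctorEnterpriseDetails SET Observation = @Observation, " &
            "Speciality1 = @Speciality1, Speciality2 = @Speciality2 " &
            "WHERE EnterpriseId = 26 AND DoctorId = @DoctorID")
        cmd.Parameters.Add("@Observation", SqlDbType.NVarChar).Value = ToDbText(observation)
        cmd.Parameters.Add("@Speciality1", SqlDbType.Int).Value = ToDbInt(speciality1)
        cmd.Parameters.Add("@Speciality2", SqlDbType.Int).Value = ToDbInt(speciality2)
        cmd.Parameters.Add("@DoctorID", SqlDbType.Int).Value = doctorId
        Return cmd
    End Function

    Sub Main()
        ' Constructed sample input: no second speciality, quotes in the free text.
        Using cmd = BuildUpdate(3, Nothing, "Patient's notes; see O'Neil", "17")
            For Each p As SqlParameter In cmd.Parameters
                Dim shown = If(p.Value Is DBNull.Value, "NULL", p.Value.ToString())
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, shown)
            Next
        End Using
    End Sub
End Module
```

The quoted text stays a single parameter value and the empty selection is bound as NULL, so one statement covers both the NULL and non-NULL cases.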

I wrote this and it works... maybe not the best solution.

If IsNothing(Form1.CBEsp2.SelectedValue) Then
    myCommand = "UPDATE DoctorEnterpriseDetails SET " & _
        "RankId = " & Form1.CBSelec.SelectedValue & ", " & _
        "GroupId = " & Form1.CBCateg.SelectedValue & ", " & _
        "PrescribingPotential = " & Form1.CBPP.SelectedValue & ", " & _
        "Observation = '" & Form1.TxtObs2.Text & "', " & _
        "Telephone = '" & Convert_Null(Form1.TxtTelefone.Text, "") & "', " & _
        "Mobile = '" & Convert_Null(Form1.TxtTelem.Text, "") & "', " & _
        "Speciality1 = " & Form1.CBEsp1.SelectedValue & ", " & _
        "Speciality2 = NULL " & _
        "WHERE EnterpriseId = 26 AND DoctorId = " & Form1.labelvazia.Text
Else
    myCommand = "UPDATE DoctorEnterpriseDetails SET " & _
        "RankId = " & Form1.CBSelec.SelectedValue & ", " & _
        "GroupId = " & Form1.CBCateg.SelectedValue & ", " & _
        "PrescribingPotential = " & Form1.CBPP.SelectedValue & ", " & _
        "Observation = '" & Form1.TxtObs2.Text & "', " & _
        "Telephone = '" & Convert_Null(Form1.TxtTelefone.Text, "") & "', " & _
        "Mobile = '" & Convert_Null(Form1.TxtTelem.Text, "") & "', " & _
        "Speciality1 = " & Form1.CBEsp1.SelectedValue & ", " & _
        "Speciality2 =  " & Form1.CBEsp2.SelectedValue & " " & _
        "WHERE EnterpriseId = 26 AND DoctorId = " & Form1.labelvazia.Text
End If