Parameterizing SQL in VB

I have this module that calls Procedure, and I want to parameterize it. I send a string as the query to the procedure module. I have searched on Google but can't find an answer to my question.

Procedures.Insert("INSERT INTO Technician (tec_name, tec_email, rol_id) VALUES ('" & txt_tech.Text & "',  '" & txt_tech_email.Text & "', " & cbo_tech_role.SelectedValue.ToString & ")", "Technican Add Correct")

I could change it to this...

Procedures.Insert("INSERT INTO Technician (tec_name, tec_email, rol_id) VALUES ('@tech_name',  '@tech_email', '@tech_role')", "Technican Add Correct")

But I don't know where I can parameterize it.

Public Sub Insert(query As String, msg As String)
    Dim cn As New SqlConnection(cs)
    Dim cmd As New SqlCommand
    Try
        cn.Open()
        With cmd
            .CommandType = CommandType.Text
            .CommandText = query
            .Connection = cn
            ' The method is AddWithValue; the names must match the @placeholders in the query
            .Parameters.AddWithValue("@tech_name", txt_tech_name.Text)
            .Parameters.AddWithValue("@tech_email", txt_tech_email.Text)
            .Parameters.AddWithValue("@tech_role", cbo_tech_role.SelectedValue.ToString)
            .ExecuteNonQuery()
        End With
        MessageBox.Show(msg, "INSERT", MessageBoxButtons.OK, MessageBoxIcon.Information)
    Catch ex As Exception
        MessageBox.Show(ex.Message.ToString, ".  :  :    ERROR    :  :  .", MessageBoxButtons.OK, MessageBoxIcon.Error)
    Finally
        If cn IsNot Nothing AndAlso cn.State <> ConnectionState.Closed Then
            cn.Close()
            cn = Nothing
        End If
    End Try
End Sub

Because I have a module that is separate from the main code, I can't reference the text boxes, since they are separate from the main module... Any idea how to do this?? ... Don't be hard on me.. this is my 14th week working with VB.. :/

Add the SqlParameters as a parameter of the Insert function

Public Sub Insert(query As String, msg As String, params As SqlParameter())
    Dim cn As New SqlConnection(cs)
    Dim cmd As New SqlCommand
    Try
        cn.Open()
        With cmd
            .CommandType = CommandType.Text
            .CommandText = query
            .Connection = cn
            ' The caller builds the parameters, so this module never touches the form controls
            If params IsNot Nothing AndAlso params.Length > 0 Then
                .Parameters.AddRange(params)
            End If
            .ExecuteNonQuery()
        End With
        MessageBox.Show(msg, 
                        "INSERT", 
                        MessageBoxButtons.OK, 
                        MessageBoxIcon.Information)
    Catch ex As Exception
        MessageBox.Show(ex.Message.ToString, ".  :  :    ERROR    :  :  .",
                       MessageBoxButtons.OK, 
                       MessageBoxIcon.Error)
    Finally
        If cn IsNot Nothing AndAlso cn.State <> ConnectionState.Closed Then
            cn.Close()
            cn = Nothing
        End If
    End Try
End Sub

Then use it like this:

Dim query As String = "INSERT INTO Technician (tec_name, tec_email, rol_id) VALUES (@tech_name, @tech_email, @tech_role)"
Dim msg As String = "Technican Add Correct"
' Parameter names must match the placeholders in the query exactly
Dim params As SqlParameter() = {New SqlParameter("@tech_name", txt_tech_name.Text),
                                New SqlParameter("@tech_email", txt_tech_email.Text),
                                New SqlParameter("@tech_role", cbo_tech_role.SelectedValue.ToString)}

Procedures.Insert(query, msg, params)

Using an array of SqlParameter lets you use the same function with parameter types other than string.
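As an added example (not code from the question or from this answer), here is the same idea carried a step further: the helper returns the affected row count, disposes the connection and command with Using blocks, and the parameters carry an explicit SqlDbType and size instead of letting AddWithValue infer NVARCHAR from every control's Text. It assumes a Module named Procedures with the connection string in cs, a Form frm_technician with the controls txt_tech, txt_tech_email, cbo_tech_role and a btn_add button, and that rol_id is an INT column; all of those names are assumptions.

```vb
' Added example, not code from the question or either answer. Assumes a
' Module Procedures holding the connection string in cs, a Form with the
' controls txt_tech, txt_tech_email, cbo_tech_role and btn_add, and rol_id INT.
Imports System.Data
Imports System.Data.SqlClient
Imports System.Windows.Forms

Module Procedures
    ' Assumed connection string; replace with the real one.
    Private ReadOnly cs As String = "Server=.;Database=Support;Integrated Security=true"

    ' Executes a non-query with the supplied parameters and returns the number
    ' of affected rows. Using blocks dispose the command and close the
    ' connection on every path, including exceptions.
    Public Function ExecuteNonQuery(query As String, params As SqlParameter()) As Integer
        Using cn As New SqlConnection(cs)
            Using cmd As New SqlCommand(query, cn)
                cmd.CommandType = CommandType.Text
                If params IsNot Nothing AndAlso params.Length > 0 Then
                    cmd.Parameters.AddRange(params)
                End If
                cn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    ' Builds the parameters for the Technician insert with explicit types and
    ' sizes. AddWithValue would infer NVARCHAR(len) from each string, which
    ' forces an implicit conversion on an INT column; declaring SqlDbType.Int
    ' sends rol_id as a number.
    Public Function TechnicianParams(name As String, email As String, roleId As Integer) As SqlParameter()
        Return {
            New SqlParameter("@tech_name", SqlDbType.NVarChar, 100) With {.Value = name},
            New SqlParameter("@tech_email", SqlDbType.NVarChar, 254) With {.Value = email},
            New SqlParameter("@tech_role", SqlDbType.Int) With {.Value = roleId}
        }
    End Function
End Module

Public Class frm_technician
    ' The SQL text is a constant: user input only ever travels as parameter
    ' values, so a name such as x'); DROP TABLE Technician;-- is stored
    ' literally instead of being parsed as SQL.
    Private Const InsertTechnician As String =
        "INSERT INTO Technician (tec_name, tec_email, rol_id) " &
        "VALUES (@tech_name, @tech_email, @tech_role)"

    Private Sub btn_add_Click(sender As Object, e As EventArgs) Handles btn_add.Click
        Try
            ' SelectedValue is Object; convert it once here instead of passing ToString.
            Dim roleId As Integer = CInt(cbo_tech_role.SelectedValue)
            Dim params = Procedures.TechnicianParams(txt_tech.Text, txt_tech_email.Text, roleId)
            Dim rows = Procedures.ExecuteNonQuery(InsertTechnician, params)
            MessageBox.Show(rows & " technician(s) added.", "INSERT",
                            MessageBoxButtons.OK, MessageBoxIcon.Information)
        Catch ex As SqlException
            ' Show a generic message; ex.Message can reveal table and column names.
            MessageBox.Show("The technician could not be saved.", "ERROR",
                            MessageBoxButtons.OK, MessageBoxIcon.Error)
        End Try
    End Sub
End Class
```

The form only converts control values to the right CLR types and hands them over; the module owns the SQL text and the connection lifetime. Because the statement text never contains user input, there is nothing for a single quote or a comment marker in a text box to break out of.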

You can do it like this... it works for me.

        Dim query As String = "INSERT INTO Technician(tec_name, tec_email, rol_id) VALUES(@tech_name, @tech_email, @tech_rolr)"
        ' Names without the @; SaveUpdateDelete adds it when binding
        params = {"tech_name", "tech_email", "tech_rolr"}
        values = {txt_tech_name.Text, txt_tech_email.Text, cbo_tech_role.SelectedValue.ToString()}

        SaveUpdateDelete(query, params, values)

Under the module, you can put this:

    ' con and command are the module-level MySqlConnection and MySqlCommand
    Public params() As String
    Public values() As String

    Public Sub SaveUpdateDelete(ByVal sql As String, ByVal parameters() As String, ByVal Values() As String)
      If con.State = ConnectionState.Open Then
          con.Close()
      End If
      con.Open()
      command = New MySqlCommand(sql, con)

      ' Bind each name/value pair as a named parameter; the value is never spliced into sql
      For i = 0 To parameters.Length - 1
          command.Parameters.AddWithValue("@" & parameters(i), Values(i))
      Next
      command.CommandText = sql
      command.ExecuteNonQuery()

      con.Close()
    End Sub

The SaveUpdateDelete method works for adding, updating and deleting data.. your code will only differ in the query...... "insert, update, delete"
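As an added example (not code from this answer), the same generic insert/update/delete helper reworked so that values keep their CLR type instead of all being String, the connection is opened per call rather than shared through a module-level con, and several statements run as one transaction. It assumes the MySql.Data connector (namespace MySql.Data.MySqlClient) and a connection string in cs; the Statement class, DataAccess module and AddThenChangeRole function are names introduced here.

```vb
' Added example, not code from the answer above. It replaces the two parallel
' String arrays with a dictionary of typed values and runs several
' insert/update/delete statements in one transaction. Assumes the MySql.Data
' connector (MySql.Data.MySqlClient) and a connection string in cs.
Imports System.Collections.Generic
Imports MySql.Data.MySqlClient

Module DataAccess
    ' Assumed connection string; replace with the real one.
    Private ReadOnly cs As String = "Server=localhost;Database=support;Uid=app;Pwd=secret"

    ' One statement plus its named parameter values (keys without the @).
    Public Class Statement
        Public Property Sql As String
        Public Property Args As New Dictionary(Of String, Object)
    End Class

    ' Binds each value with its CLR type: an Integer is sent as a number,
    ' Nothing becomes SQL NULL, and strings are never spliced into Sql.
    Private Function Exec(conn As MySqlConnection, tx As MySqlTransaction, s As Statement) As Integer
        Using cmd As New MySqlCommand(s.Sql, conn, tx)
            For Each kv In s.Args
                cmd.Parameters.AddWithValue("@" & kv.Key, If(kv.Value, DBNull.Value))
            Next
            Return cmd.ExecuteNonQuery()
        End Using
    End Function

    ' Runs all statements on one connection inside a transaction. If any
    ' statement fails, none of them is kept. Returns the total affected rows.
    Public Function RunBatch(statements As IEnumerable(Of Statement)) As Integer
        Using conn As New MySqlConnection(cs)
            conn.Open()
            Using tx As MySqlTransaction = conn.BeginTransaction()
                Try
                    Dim total As Integer = 0
                    For Each s In statements
                        total += Exec(conn, tx, s)
                    Next
                    tx.Commit()
                    Return total
                Catch
                    tx.Rollback()
                    Throw
                End Try
            End Using
        End Using
    End Function

    ' Insert a technician and then change their role: two statements, one
    ' unit of work. The SQL text is fixed; only the Args values vary.
    Public Function AddThenChangeRole(name As String, email As String, firstRole As Integer, newRole As Integer) As Integer
        Dim insert As New Statement With {
            .Sql = "INSERT INTO Technician (tec_name, tec_email, rol_id) " &
                   "VALUES (@tech_name, @tech_email, @tech_role)"}
        insert.Args("tech_name") = name
        insert.Args("tech_email") = email
        insert.Args("tech_role") = firstRole

        Dim update As New Statement With {
            .Sql = "UPDATE Technician SET rol_id = @tech_role WHERE tec_email = @tech_email"}
        update.Args("tech_role") = newRole
        update.Args("tech_email") = email

        Return RunBatch({insert, update})
    End Function
End Module
```

Keeping the values as Object means rol_id arrives at MySQL as an integer rather than a quoted string, and the transaction guarantees that a failed UPDATE does not leave a half-applied INSERT behind; the per-call Using also removes the need to check and close a shared connection before every query.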