如何向 Access 数据库添加记录 - Visual Basic
How to add a record to an access database - visual basic
我做了一个测验,应该将用户的高分存储在数据库中,但是我一直收到错误提示“不允许更改 'ConnectionString'
这是我的代码:
Imports System.Data.OleDb
Public Class Pure
Dim pro As String
Dim connstring As String
Dim command As String
Dim myconnection As OleDbConnection = New OleDbConnection
这是应该将高分添加到访问数据库的其余代码
Private Sub btnSummary_Click(sender As Object, e As EventArgs) Handles btnSummary.Click
pro = "provider=microsoft.ACE.OLEDB.12.0;Data Source=flashcard login.accdb" 'Establish connection with database
connstring = pro
myconnection.ConnectionString = connstring
myconnection.Open() 'Open connection
If lblScore11.Text > lblHighScore.Text Then 'If current socre is greater than high score
lblScore11.Text = lblHighScore.Text
command = " insert into results ([score]) values ('" & lblHighScore.Text & "')"
Dim cmd As OleDbCommand = New OleDbCommand(command, myconnection) 'Establish connection
cmd.Parameters.Add(New OleDbParameter("score", CType(lblHighScore.Text, String)))
End If
End Sub
我在末尾添加了这个 try-catch 语句(在 if 语句中)
Try
cmd.ExecuteNonQuery()
cmd.Dispose()
myconnection.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
还有其他问题,但最重要的是您实际上需要 运行 查询:
cmd.ExecuteNonQuery()
另外,这个查询仍然很容易受到注入问题的影响。这种字符串替换 NEVER 对于 SQL 字符串是可以的:
values ('" & lblHighScore.Text & "')"
这里是一个完整的重写,具有更好的模式:
Dim connString As String = "provider=microsoft.ACE.OLEDB.12.0;Data Source=flashcard login.accdb"
Private Sub btnSummary_Click(sender As Object, e As EventArgs) Handles btnSummary.Click
If lblScore11.Text <= lblHighScore.Text Then Return
lblHighScore.Text = lblScore11.Text
Using conn As New OleDbConnection(connSstring), _
cmd As New OleDbCommand("INSERT INTO results ([score]) VALUES (?)", conn)
'Use the actual OleDbType that maps to the database column and length here
cmd.Parameters.Add("score", OleDbType.LongVarWChar).Value = lblScore11.Text
conn.Open()
cmd.ExecuteNonQuery()
End Using
End Sub
我做了一个测验,应该将用户的高分存储在数据库中,但是我一直收到错误提示“不允许更改 'ConnectionString'
这是我的代码:
Imports System.Data.OleDb
Public Class Pure
Dim pro As String
Dim connstring As String
Dim command As String
Dim myconnection As OleDbConnection = New OleDbConnection
这是应该将高分添加到访问数据库的其余代码
Private Sub btnSummary_Click(sender As Object, e As EventArgs) Handles btnSummary.Click
pro = "provider=microsoft.ACE.OLEDB.12.0;Data Source=flashcard login.accdb" 'Establish connection with database
connstring = pro
myconnection.ConnectionString = connstring
myconnection.Open() 'Open connection
If lblScore11.Text > lblHighScore.Text Then 'If current socre is greater than high score
lblScore11.Text = lblHighScore.Text
command = " insert into results ([score]) values ('" & lblHighScore.Text & "')"
Dim cmd As OleDbCommand = New OleDbCommand(command, myconnection) 'Establish connection
cmd.Parameters.Add(New OleDbParameter("score", CType(lblHighScore.Text, String)))
End If
End Sub
我在末尾添加了这个 try-catch 语句(在 if 语句中)
Try
cmd.ExecuteNonQuery()
cmd.Dispose()
myconnection.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
还有其他问题,但最重要的是您实际上需要 运行 查询:
cmd.ExecuteNonQuery()
另外,这个查询仍然很容易受到注入问题的影响。这种字符串替换 NEVER 对于 SQL 字符串是可以的:
values ('" & lblHighScore.Text & "')"
这里是一个完整的重写,具有更好的模式:
Dim connString As String = "provider=microsoft.ACE.OLEDB.12.0;Data Source=flashcard login.accdb"
Private Sub btnSummary_Click(sender As Object, e As EventArgs) Handles btnSummary.Click
If lblScore11.Text <= lblHighScore.Text Then Return
lblHighScore.Text = lblScore11.Text
Using conn As New OleDbConnection(connSstring), _
cmd As New OleDbCommand("INSERT INTO results ([score]) VALUES (?)", conn)
'Use the actual OleDbType that maps to the database column and length here
cmd.Parameters.Add("score", OleDbType.LongVarWChar).Value = lblScore11.Text
conn.Open()
cmd.ExecuteNonQuery()
End Using
End Sub