How do I add data to a SQL database from a Windows form in Visual Studio 2005? Saving to a database from VB.NET WinForms
I'm having a problem when saving.
    Imports System.Data.SqlClient

    Public Class Staff
        Dim myconnection As SqlConnection
        Dim mycommand As SqlCommand
        Dim dr As SqlDataReader
        Dim dr1 As SqlDataReader
        Dim ra As Integer

        Private Sub cmdsave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdsave.Click
            ' Connects as sa with an empty password
            myconnection = New SqlConnection("server=localhost;uid=sa;pwd=;database=medisam")
            myconnection.Open()
            ' The INSERT statement is built by concatenating the text box contents into the SQL string
            mycommand = New SqlCommand("insert into staff([FirstName],[LastName],[Address],[DOB], [TelephoneNum], [DateJoinIn], [HighestQualifi], [AppointedAs], [Salary]) VALUES ('" & txtfname.Text & "','" & txtlname.Text & "','" & txtaddress.Text & "','" & txtdob.Text & "','" & txttelephone.Text & "','" & txthqualifi.Text & "','" & ComboBox1.SelectedValue & "','" & txtsalary.Text & "')", myconnection)
            mycommand.ExecuteNonQuery()
            myconnection.Close()
        End Sub
    End Class
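You have a SQL injection vulnerability. – SLaks
What is your actual question? Amid the jumble of keywords in the title, I can't see any question here. –
This isn't just a small vulnerability: it's a huge, gigantic, drive-an-industrial-bulldozer-through-it ** type of vulnerability, made even worse by the fact that you're committing the cardinal sin of connecting as sa. –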
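The two points raised in the comments (SQL injection and connecting as sa) can be addressed with a parameterized command and a non-sa login; the following is an added example, not code from the original thread. It supplies a value for each of the nine columns the posted INSERT lists (the posted statement passes only eight values, with none for DateJoinIn). Assumptions: the `StaffWriter` class and `SaveStaff` function names, the `joinedText` argument, the column types and sizes, and the Windows-authenticated connection string are all hypothetical.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Class StaffWriter
    ' Assumption: a Windows login with only the rights it needs on medisam, instead of sa.
    Private Const ConnStr As String = "Server=localhost;Database=medisam;Integrated Security=SSPI"

    ' Inserts one staff row and returns the number of rows affected.
    ' User input travels only as parameter values, so a quote in a name or
    ' address cannot change the statement. Types and sizes below are assumed.
    Public Shared Function SaveStaff(ByVal firstName As String, ByVal lastName As String, _
            ByVal address As String, ByVal dobText As String, ByVal phone As String, _
            ByVal joinedText As String, ByVal qualification As String, _
            ByVal appointedAs As String, ByVal salaryText As String) As Integer
        Dim dob, joined As Date
        Dim salary As Decimal
        ' Validate the typed fields before touching the database.
        If Not Date.TryParse(dobText, dob) Then Throw New ArgumentException("Invalid date of birth")
        If Not Date.TryParse(joinedText, joined) Then Throw New ArgumentException("Invalid join date")
        If Not Decimal.TryParse(salaryText, salary) Then Throw New ArgumentException("Invalid salary")

        Const sql As String = _
            "INSERT INTO staff ([FirstName],[LastName],[Address],[DOB],[TelephoneNum]," & _
            "[DateJoinIn],[HighestQualifi],[AppointedAs],[Salary]) " & _
            "VALUES (@FirstName,@LastName,@Address,@DOB,@TelephoneNum," & _
            "@DateJoinIn,@HighestQualifi,@AppointedAs,@Salary)"

        ' Using blocks close the connection even if ExecuteNonQuery throws.
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@FirstName", SqlDbType.NVarChar, 50).Value = firstName
                cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 50).Value = lastName
                cmd.Parameters.Add("@Address", SqlDbType.NVarChar, 200).Value = address
                cmd.Parameters.Add("@DOB", SqlDbType.DateTime).Value = dob
                cmd.Parameters.Add("@TelephoneNum", SqlDbType.NVarChar, 20).Value = phone
                cmd.Parameters.Add("@DateJoinIn", SqlDbType.DateTime).Value = joined
                cmd.Parameters.Add("@HighestQualifi", SqlDbType.NVarChar, 50).Value = qualification
                cmd.Parameters.Add("@AppointedAs", SqlDbType.NVarChar, 50).Value = appointedAs
                cmd.Parameters.Add("@Salary", SqlDbType.Decimal).Value = salary
                conn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Class
```

A click handler such as `cmdsave_Click` would pass the text box values to `SaveStaff` and report any `ArgumentException` or `SqlException` to the user.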