1. 首页
  2. 问答
  3. 插入新行中vbnet

插入新行中vbnet

2013-04-10 77 views
0

这是我怎么会在vb.net插入新行中vbnet

Dim cmd2 As New MySqlCommand("INSERT INTO login (username, password) VALUES (username , 
password)", db_con)

插入一个新的人在MySQL还是有这样做的更好的方法。

来源

2013-04-10 user2264202

+0

是密码和/或用户名保留字吗?如果是这样,把它们放在方括号内 – Pezzzz 2013-04-11 10:08:43

回答

1

使用参数化查询来防止SQL注入或甚至更好地使用存储过程。

Imports System 
Imports System.Collections.Generic 
Imports System.Linq 
Imports System.Text 

Imports System.Data 
Imports MySql.Data 
Imports MySql.Data.MySqlClient 

Module Module1 

    Sub Main() 
     Dim conn As New MySqlConnection() 
     conn.ConnectionString = "xyz" 
     Dim cmd As New MySqlCommand() 


     'Here we execute a command to insert data via stored procedure 
     Try 
      Console.WriteLine("Connecting to MySQL...") 
      conn.Open() 
      cmd.Connection = conn 

      cmd.CommandText = "add_emp" 
      cmd.CommandType = CommandType.StoredProcedure 

      cmd.Parameters.AddWithValue("@uname", "Jeremy") 
      cmd.Parameters("@uname").Direction = ParameterDirection.Input 

      cmd.Parameters.AddWithValue("@pword", "123abc") 
      cmd.Parameters("@pword").Direction = ParameterDirection.Input 

      cmd.Parameters.AddWithValue("@empno", MySqlDbType.Int32) 
      cmd.Parameters("@empno").Direction = ParameterDirection.Output 

      cmd.ExecuteNonQuery() 

      Console.WriteLine("Employee number: " & cmd.Parameters("@empno").Value) 
     Catch ex As MySql.Data.MySqlClient.MySqlException 
      Console.WriteLine(("Error " & ex.Number & " has occurred: ") + ex.Message) 
     End Try 
     conn.Close() 
     Console.WriteLine("Done.") 

    End Sub 

End Module 

Sub Main() 
    Dim conn As New MySqlConnection() 
    conn.ConnectionString = "server=localhost;user=root;database=world;port=3306;password=******;" 
    Dim cmd As New MySqlCommand() 

    'HERE WE EXECUTE A COMMAND TO CREATE THE TABLE AND STORED PROCEDURE 
    Try 
     Console.WriteLine("Connecting to MySQL...") 
     conn.Open() 
     cmd.Connection = conn 
     cmd.CommandText = "DROP PROCEDURE IF EXISTS add_emp" 
     cmd.ExecuteNonQuery() 
     cmd.CommandText = "DROP TABLE IF EXISTS emp" 
     cmd.ExecuteNonQuery() 
     cmd.CommandText = "CREATE TABLE emp (empno INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, user_name VARCHAR(20), password VARCHAR(20))" 
     cmd.ExecuteNonQuery() 

     cmd.CommandText = "CREATE PROCEDURE add_emp(" & "IN uname VARCHAR(20), IN pword VARCHAR(20), OUT empno INT)" & "BEGIN INSERT INTO emp(user_name, password, birthdate) " & "VALUES(uname, pword); SET empno = LAST_INSERT_ID(); END" 

     cmd.ExecuteNonQuery() 
    Catch ex As MySqlException 
     Console.WriteLine(("Error " & ex.Number & " has occurred: ") + ex.Message) 
    End Try 
    conn.Close() 
    Console.WriteLine("Connection closed.") 
End Sub

来源

2013-04-10 23:45:53

+0

你能给我一个例子,说明你将如何写这行代码 – user2264202 2013-04-10 23:49:24

+0

我会尽快发布完整的解决方案,[所以]给我错误atm试图发布代码?#$ ^# $ ^#? – 2013-04-11 00:29:47

+0

好的时候,当你可以发布请做 – user2264202 2013-04-11 01:26:45

0

INSERT INTO登录信息(用户名,密码)VALUES(?,?)

来源

2013-04-11 00:01:15 Marc

1

从SQL注入防止您必须使用参数query.I我给你一个功能的refrence,你必须做出你的函数类似的东西,如

插入函数

Public Shared Function InsertFile(ByVal name As String, ByVal pwd As String) As Integer 
Dim sql As String 
sql = "insert into login (username,password) values (?uname, ?upass);" 
Dim params1(2) As MySqlParameter 
params1(1) = New MySqlParameter("?uname", name) 
params1(2) = New MySqlParameter("?upass", pwd) 
Return MySqlHelper.ExecuteNonQuery(sql, params1) 
End Function

现在做一个新的ExecuteNonQuery功能执行查询

ExecuteNonQuery函数

Public Shared Function ExecuteNonQuery(ByVal sql As String, ByVal params() As MySqlParameter) As Integer 
Dim cnn As New MySqlConnection(connectionstring) 
Dim cmd As New MySqlCommand(sql, cnn) 
For i As Integer = 0 To params.Length - 1 
cmd.Parameters.Add(params(i)) 
Next 
cnn.Open() 
Dim retval As Integer = cmd.ExecuteNonQuery() 
cnn.Close() 
Return retval 
End Function

就是这样,希望你能理解。

来源

2013-04-11 05:24:30 Rahul

相关问题

 相关问题