这是我怎么会在vb.net插入新行中vbnet
Dim cmd2 As New MySqlCommand("INSERT INTO login (username, password) VALUES (username ,
password)", db_con)
插入一个新的人在MySQL还是有这样做的更好的方法。
这是我怎么会在vb.net插入新行中vbnet
Dim cmd2 As New MySqlCommand("INSERT INTO login (username, password) VALUES (username ,
password)", db_con)
插入一个新的人在MySQL还是有这样做的更好的方法。
使用参数化查询来防止SQL注入或甚至更好地使用存储过程。
Imports System
Imports System.Collections.Generic
Imports System.Linq
Imports System.Text
Imports System.Data
Imports MySql.Data
Imports MySql.Data.MySqlClient
Module Module1
Sub Main()
Dim conn As New MySqlConnection()
conn.ConnectionString = "xyz"
Dim cmd As New MySqlCommand()
'Here we execute a command to insert data via stored procedure
Try
Console.WriteLine("Connecting to MySQL...")
conn.Open()
cmd.Connection = conn
cmd.CommandText = "add_emp"
cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@uname", "Jeremy")
cmd.Parameters("@uname").Direction = ParameterDirection.Input
cmd.Parameters.AddWithValue("@pword", "123abc")
cmd.Parameters("@pword").Direction = ParameterDirection.Input
cmd.Parameters.AddWithValue("@empno", MySqlDbType.Int32)
cmd.Parameters("@empno").Direction = ParameterDirection.Output
cmd.ExecuteNonQuery()
Console.WriteLine("Employee number: " & cmd.Parameters("@empno").Value)
Catch ex As MySql.Data.MySqlClient.MySqlException
Console.WriteLine(("Error " & ex.Number & " has occurred: ") + ex.Message)
End Try
conn.Close()
Console.WriteLine("Done.")
End Sub
End Module
Sub Main()
Dim conn As New MySqlConnection()
conn.ConnectionString = "server=localhost;user=root;database=world;port=3306;password=******;"
Dim cmd As New MySqlCommand()
'HERE WE EXECUTE A COMMAND TO CREATE THE TABLE AND STORED PROCEDURE
Try
Console.WriteLine("Connecting to MySQL...")
conn.Open()
cmd.Connection = conn
cmd.CommandText = "DROP PROCEDURE IF EXISTS add_emp"
cmd.ExecuteNonQuery()
cmd.CommandText = "DROP TABLE IF EXISTS emp"
cmd.ExecuteNonQuery()
cmd.CommandText = "CREATE TABLE emp (empno INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, user_name VARCHAR(20), password VARCHAR(20))"
cmd.ExecuteNonQuery()
cmd.CommandText = "CREATE PROCEDURE add_emp(" & "IN uname VARCHAR(20), IN pword VARCHAR(20), OUT empno INT)" & "BEGIN INSERT INTO emp(user_name, password, birthdate) " & "VALUES(uname, pword); SET empno = LAST_INSERT_ID(); END"
cmd.ExecuteNonQuery()
Catch ex As MySqlException
Console.WriteLine(("Error " & ex.Number & " has occurred: ") + ex.Message)
End Try
conn.Close()
Console.WriteLine("Connection closed.")
End Sub
你能给我一个例子,说明你将如何写这行代码 – user2264202 2013-04-10 23:49:24
我会尽快发布完整的解决方案,[所以]给我错误atm试图发布代码?#$ ^# $ ^#? – 2013-04-11 00:29:47
好的时候,当你可以发布请做 – user2264202 2013-04-11 01:26:45
INSERT INTO登录信息(用户名,密码)VALUES(?,?)
从SQL注入防止您必须使用参数query.I我给你一个功能的refrence,你必须做出你的函数类似的东西,如
插入函数
Public Shared Function InsertFile(ByVal name As String, ByVal pwd As String) As Integer
Dim sql As String
sql = "insert into login (username,password) values (?uname, ?upass);"
Dim params1(2) As MySqlParameter
params1(1) = New MySqlParameter("?uname", name)
params1(2) = New MySqlParameter("?upass", pwd)
Return MySqlHelper.ExecuteNonQuery(sql, params1)
End Function
现在做一个新的ExecuteNonQuery功能执行查询
ExecuteNonQuery函数
Public Shared Function ExecuteNonQuery(ByVal sql As String, ByVal params() As MySqlParameter) As Integer
Dim cnn As New MySqlConnection(connectionstring)
Dim cmd As New MySqlCommand(sql, cnn)
For i As Integer = 0 To params.Length - 1
cmd.Parameters.Add(params(i))
Next
cnn.Open()
Dim retval As Integer = cmd.ExecuteNonQuery()
cnn.Close()
Return retval
End Function
就是这样,希望你能理解。
是密码和/或用户名保留字吗?如果是这样,把它们放在方括号内 – Pezzzz 2013-04-11 10:08:43