我正在尝试做一个小程序,写入和读取Mysql数据库。阅读部分进行得很顺利,但我有点卡在写部分。
这是我的代码:
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Absenden.Click
Dim conn As New MySqlConnection
Dim command As MySqlCommand
Dim myConnectionString As String
myConnectionString = "server=Nothing;uid=to;pwd=see;database=here;"
conn.ConnectionString = myConnectionString
Try
conn.Open()
Dim Querywrite As String
Querywrite = "select * FROM here.message INSERT INTO message admin='" & TB_Name.Text & "' and message='" & TB_Nachricht.Text & "' and Server='" & TB_Server.Text & "' and status='" & TB_Status.Text & "' "
command = New MySqlCommand(Querywrite, connection)
Catch ex As Exception
MessageBox.Show(ex.Message)
End Try
conn.Close()
End Sub
我认为Querywrite
部分是问题所在。输入来自Windows窗体中的文本框。
谢谢你的帮忙!
发布于 2018-02-13 11:20:35
也许,如果有人给你看过一次,你就会明白了。重要的是始终使用参数;您不仅可以避免较小的系统错误和类型错误,还可以避免恶意输入带来的重大灾难。我猜测了您的字段的数据类型。请检查数据库中的类型,并相应地调整代码。
Private Sub InsertData()
Dim strQuery As String = "Insert Into message (admin, message, Server, status) Values (@admin, @message, @Server, @status);"
Using cn As New MySqlConnection("your connection string")
Using cmd As New MySqlCommand With {
.Connection = cn,
.CommandType = CommandType.Text,
.CommandText = strQuery}
cmd.Parameters.Add("@admin", MySqlDbType.VarString).Value = TB_Name.Text
cmd.Parameters.Add("@message", MySqlDbType.VarString).Value = TB_Nachricht.Text
cmd.Parameters.Add("@Server", MySqlDbType.VarString).Value = TB_Server.Text
cmd.Parameters.Add("@status", MySqlDbType.VarString).Value = TB_Status.Text
cn.Open()
cmd.ExecuteNonQuery()
cn.Close()
End Using
End Using
End Sub
https://stackoverflow.com/questions/48747200
复制相似问题