How do I add data to a SQL database from a Windows Form in Visual Studio 2005? Saving to the database from VB.NET WinForms
I am having problems saving.
    Imports System.Data.SqlClient

    Public Class Staff
        Dim myconnection As SqlConnection
        Dim mycommand As SqlCommand
        Dim dr As SqlDataReader
        Dim dr1 As SqlDataReader
        Dim ra As Integer

        Private Sub cmdsave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdsave.Click
            myconnection = New SqlConnection("server=localhost;uid=sa;pwd=;database=medisam")
            myconnection.Open()
            mycommand = New SqlCommand("insert into staff([FirstName],[LastName],[Address],[DOB], [TelephoneNum], [DateJoinIn], [HighestQualifi], [AppointedAs], [Salary]) VALUES ('" & txtfname.Text & "','" & txtlname.Text & "','" & txtaddress.Text & "','" & txtdob.Text & "','" & txttelephone.Text & "','" & txthqualifi.Text & "','" & ComboBox1.SelectedValue & "','" & txtsalary.Text & "')", myconnection)
            mycommand.ExecuteNonQuery()
            myconnection.Close()
        End Sub
    End Class
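You have a SQL injection vulnerability. – SLaks
What is your actual question? Amid the jumble of keywords in the title, I can't see any question here. –
This is not just a small vulnerability: it is a huge, massive, drive-an-industrial-bulldozer-through-it type of vulnerability, further compounded by the fact that you are committing the cardinal sin of connecting as sa. –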
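
The two points raised in the comments (string-concatenated SQL and connecting as `sa`), shown in corrected form as an added example that is not part of the original post or its comments. Assumed here: the `txtdatejoin` text box (the posted statement lists nine columns but supplies eight values, with none for `[DateJoinIn]`), the column types and sizes, and a Windows login limited to INSERT on `staff`.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Class Staff
    ' Assumption: a low-privilege Windows login replaces sa with a blank password.
    Private Const ConnStr As String = "Server=localhost;Database=medisam;Integrated Security=SSPI"

    Private Sub cmdsave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdsave.Click
        Dim dob, joined As Date
        Dim salary As Decimal
        ' Reject input that does not parse; txtdatejoin is a hypothetical control.
        If ComboBox1.SelectedValue Is Nothing OrElse _
           Not Date.TryParse(txtdob.Text, dob) OrElse _
           Not Date.TryParse(txtdatejoin.Text, joined) OrElse _
           Not Decimal.TryParse(txtsalary.Text, salary) Then
            MessageBox.Show("Check the appointment, date and salary fields.")
            Return
        End If

        ' The SQL text is constant; user input travels only as typed parameters.
        Const sql As String = _
            "INSERT INTO staff ([FirstName],[LastName],[Address],[DOB],[TelephoneNum]," & _
            "[DateJoinIn],[HighestQualifi],[AppointedAs],[Salary]) " & _
            "VALUES (@first,@last,@addr,@dob,@tel,@joined,@qual,@role,@salary)"

        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(sql, conn)
                With cmd.Parameters
                    .Add("@first", SqlDbType.NVarChar, 50).Value = txtfname.Text
                    .Add("@last", SqlDbType.NVarChar, 50).Value = txtlname.Text
                    .Add("@addr", SqlDbType.NVarChar, 200).Value = txtaddress.Text
                    .Add("@dob", SqlDbType.DateTime).Value = dob
                    .Add("@tel", SqlDbType.NVarChar, 20).Value = txttelephone.Text
                    .Add("@joined", SqlDbType.DateTime).Value = joined
                    .Add("@qual", SqlDbType.NVarChar, 100).Value = txthqualifi.Text
                    .Add("@role", SqlDbType.NVarChar, 50).Value = ComboBox1.SelectedValue.ToString()
                    .Add("@salary", SqlDbType.Money).Value = salary
                End With
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub
End Class
```

The `Using` blocks close the connection even when `ExecuteNonQuery` throws, which the posted `Open`/`Close` pair does not.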