1. 首頁
  2. 問答
  3. 插入新行中vbnet

插入新行中vbnet

2013-04-10 78 views
0

這是我怎麼會在vb.net插入新行中vbnet

Dim cmd2 As New MySqlCommand("INSERT INTO login (username, password) VALUES (username , 
password)", db_con)

插入一個新的人在MySQL還是有這樣做的更好的方法。

來源

2013-04-10 user2264202

+0

是密碼和/或用戶名保留字嗎?如果是這樣,把它們放在方括號內 – Pezzzz 2013-04-11 10:08:43

回答

1

使用參數化查詢來防止SQL注入或甚至更好地使用存儲過程。

Imports System 
Imports System.Collections.Generic 
Imports System.Linq 
Imports System.Text 

Imports System.Data 
Imports MySql.Data 
Imports MySql.Data.MySqlClient 

Module Module1 

    Sub Main() 
     Dim conn As New MySqlConnection() 
     conn.ConnectionString = "xyz" 
     Dim cmd As New MySqlCommand() 


     'Here we execute a command to insert data via stored procedure 
     Try 
      Console.WriteLine("Connecting to MySQL...") 
      conn.Open() 
      cmd.Connection = conn 

      cmd.CommandText = "add_emp" 
      cmd.CommandType = CommandType.StoredProcedure 

      cmd.Parameters.AddWithValue("@uname", "Jeremy") 
      cmd.Parameters("@uname").Direction = ParameterDirection.Input 

      cmd.Parameters.AddWithValue("@pword", "123abc") 
      cmd.Parameters("@pword").Direction = ParameterDirection.Input 

      cmd.Parameters.AddWithValue("@empno", MySqlDbType.Int32) 
      cmd.Parameters("@empno").Direction = ParameterDirection.Output 

      cmd.ExecuteNonQuery() 

      Console.WriteLine("Employee number: " & cmd.Parameters("@empno").Value) 
     Catch ex As MySql.Data.MySqlClient.MySqlException 
      Console.WriteLine(("Error " & ex.Number & " has occurred: ") + ex.Message) 
     End Try 
     conn.Close() 
     Console.WriteLine("Done.") 

    End Sub 

End Module 

Sub Main() 
    Dim conn As New MySqlConnection() 
    conn.ConnectionString = "server=localhost;user=root;database=world;port=3306;password=******;" 
    Dim cmd As New MySqlCommand() 

    'HERE WE EXECUTE A COMMAND TO CREATE THE TABLE AND STORED PROCEDURE 
    Try 
     Console.WriteLine("Connecting to MySQL...") 
     conn.Open() 
     cmd.Connection = conn 
     cmd.CommandText = "DROP PROCEDURE IF EXISTS add_emp" 
     cmd.ExecuteNonQuery() 
     cmd.CommandText = "DROP TABLE IF EXISTS emp" 
     cmd.ExecuteNonQuery() 
     cmd.CommandText = "CREATE TABLE emp (empno INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, user_name VARCHAR(20), password VARCHAR(20))" 
     cmd.ExecuteNonQuery() 

     cmd.CommandText = "CREATE PROCEDURE add_emp(" & "IN uname VARCHAR(20), IN pword VARCHAR(20), OUT empno INT)" & "BEGIN INSERT INTO emp(user_name, password, birthdate) " & "VALUES(uname, pword); SET empno = LAST_INSERT_ID(); END" 

     cmd.ExecuteNonQuery() 
    Catch ex As MySqlException 
     Console.WriteLine(("Error " & ex.Number & " has occurred: ") + ex.Message) 
    End Try 
    conn.Close() 
    Console.WriteLine("Connection closed.") 
End Sub

來源

2013-04-10 23:45:53

+0

你能給我一個例子,說明你將如何寫這行代碼 – user2264202 2013-04-10 23:49:24

+0

我會盡快發佈完整的解決方案,[所以]給我錯誤atm試圖發佈代碼?#$ ^# $ ^#? – 2013-04-11 00:29:47

+0

好的時候,當你可以發佈請做 – user2264202 2013-04-11 01:26:45

0

INSERT INTO登錄信息(用戶名,密碼)VALUES(?,?)

來源

2013-04-11 00:01:15 Marc

1

從SQL注入防止您必須使用參數query.I我給你一個功能的refrence,你必須做出你的函數類似的東西,如

插入函數

Public Shared Function InsertFile(ByVal name As String, ByVal pwd As String) As Integer 
Dim sql As String 
sql = "insert into login (username,password) values (?uname, ?upass);" 
Dim params1(2) As MySqlParameter 
params1(1) = New MySqlParameter("?uname", name) 
params1(2) = New MySqlParameter("?upass", pwd) 
Return MySqlHelper.ExecuteNonQuery(sql, params1) 
End Function

現在做一個新的ExecuteNonQuery功能執行查詢

ExecuteNonQuery函數

Public Shared Function ExecuteNonQuery(ByVal sql As String, ByVal params() As MySqlParameter) As Integer 
Dim cnn As New MySqlConnection(connectionstring) 
Dim cmd As New MySqlCommand(sql, cnn) 
For i As Integer = 0 To params.Length - 1 
cmd.Parameters.Add(params(i)) 
Next 
cnn.Open() 
Dim retval As Integer = cmd.ExecuteNonQuery() 
cnn.Close() 
Return retval 
End Function

就是這樣,希望你能理解。

來源

2013-04-11 05:24:30 Rahul

相關問題

 相關問題