SQL命令沒有將數據網格中的所有值插入數據庫，

Question

我想將gridview數據傳遞到數據庫中。我遇到的問題是，並不是我gridview中的所有數據都進入數據庫。這樣一個消息只顯示名稱列將在這裏是我的代碼

Protected Sub Button2_Click1(sender As Object, e As EventArgs) Handles Button2.Click 
    Dim sc As StringCollection = New StringCollection 
    Dim field1 As String = String.Empty 
    Dim i As Integer = 0 
    Do While (i < GridView1.Rows.Count) 
     field1 = GridView1.Rows(i).Cells(0).Text 
     i = (i + 1) 
    Loop 
    ' get the field to be Inserted 
    sc.Add(field1) 
    ' add the field to be Inserted in the StringCollection 
    InsertRecords(sc) 
    ' call method for insert and pass the StringCollection values 

End Sub 





Dim conn As MySqlConnection = New MySqlConnection("Server=****************;Database=******;Uid=*******;Pwd=****;allow user variables=true") 
    Dim sb As StringBuilder = New StringBuilder(String.Empty) 
    For Each item As String In sc 
     Const sqlStatement As String = "INSERT INTO student(name, age, adress) VALUES (" 
     sb.AppendFormat("{0}'{1}' ", sqlStatement, item) 

    Next 
    sb.Append(")") 

    MsgBox(sb.ToString) 

    Try 
     conn.Open() 
     Dim cmd As MySqlCommand = New MySqlCommand(sb.ToString, conn) 
     cmd.CommandType = CommandType.Text 
     cmd.ExecuteNonQuery() 

    Catch ex As System.Data.SqlClient.SqlException 
     Dim msg As String = "Insert Error:" 
     msg = (msg + ex.Message) 
     Throw New Exception(msg) 
    Finally 
     conn.Close() 
    End Try 
End Sub 

Answer 1

不要連接字符串創建一個SQL命令，但使用的參數，以避免主要是SQL注入。

Const sqlStatement As String = "INSERT INTO student(name, age, adress) VALUES (?Pname,?Page,?Padress)" 
Try 
    Using con = New MySqlConnection(connectionString) 
     con.Open() 
     For Each item In sc 
      Using cmd = New MySqlCommand(sqlStatement, con) 
       cmd.Parameters.AddWithValue("?Pname", item.Name) 
       cmd.Parameters.AddWithValue("?Page", item.Page) 
       cmd.Parameters.AddWithValue("?Padress", item.Padress) 
       cmd.ExecuteNonQuery() 
      End Using 
     Next 
    End Using 
Catch ex As System.Data.SqlClient.SqlException 
    ' log message ' 
    Throw ' don't use throw new Exception or throw ex ' 
End Try 

請注意，我用sc像一個自定義類的所有需要​​的特性的集合。但即使這是不正確的，它應該讓你知道它是如何工作的。