0
這段代碼工作正常....的app.config連接字符串不盡快工作
Private Sub save()
Dim con As New SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=D:\Chuttu VB\Projects\LIC\LIC.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True")
Dim sql As New SqlClient.SqlCommand("INSERT INTO ProposerDetails " & _
"VALUES (" & Convert.ToInt32(PolicyNumberTextBox.Text) & ",'" & NameTextBox.Text & "','" & AgeTextBox.Text & "','" & PhoneTextBox.Text & "','" & AddressTextBox.Text & "','" _
& NomineeTextBox.Text & "','" & NomineeRelationTextBox.Text & "'," & PlanID() & ",'" & PolicyTermTextBox.Text & "','" & PremiumAmountTextBox.Text & "','" _
& PremiumTypeComboBox.Text & "','" & SumProposedTextBox.Text & "','Date')", con)
MsgBox(sql.CommandText)
con.Open()
MsgBox(con.State.ToString)
Dim i As Integer = sql.ExecuteNonQuery
MsgBox(i.ToString)
con.Close()
sql.Dispose()
con.Dispose()
ToolStripStatusLabelMessage.Text = "Saved"
End Sub
我的連接字符串從app.config中其更改爲連接字符串停止工作(將數據到DB)
Private Sub save()
Dim con As New SqlClient.SqlConnection(LIC.My.Settings.LICConnectionString)
Dim sql As New SqlClient.SqlCommand("INSERT INTO ProposerDetails " & _
"VALUES (" & Convert.ToInt32(PolicyNumberTextBox.Text) & ",'" & NameTextBox.Text & "','" & AgeTextBox.Text & "','" & PhoneTextBox.Text & "','" & AddressTextBox.Text & "','" _
& NomineeTextBox.Text & "','" & NomineeRelationTextBox.Text & "'," & PlanID() & ",'" & PolicyTermTextBox.Text & "','" & PremiumAmountTextBox.Text & "','" _
& PremiumTypeComboBox.Text & "','" & SumProposedTextBox.Text & "','Date')", con)
MsgBox(sql.CommandText)
con.Open()
MsgBox(con.State.ToString)
Dim i As Integer = sql.ExecuteNonQuery
MsgBox(i.ToString)
con.Close()
sql.Dispose()
con.Dispose()
ToolStripStatusLabelMessage.Text = "Saved"
End Sub
注意:我沒有得到任何錯誤。
你2個的代碼示例看起來相同,並使用硬編碼的連接字符串同時。同樣也是提示,你正在開放SQL注入以形成你的查詢。使用這些SQL參數! – Etch 2011-12-15 16:21:55
第二個連接字符串沒有硬編碼...我拉它從app.config文件。 – 2011-12-15 16:23:12
@Etch我可以在數據集(.xsd文件)中添加一個INSERT查詢並使用它來插入數據?如果是的話那怎麼樣?我如何將值傳遞給INSERT查詢中使用的參數? – 2011-12-15 16:25:12