按照NoAlias告訴你的方式去做,但要小心,不要一開始就走錯方向。 不要再把文本值直接拼進您的SQL語句;那樣做還得記住引號必須加倍等等。
請改用參數化的SQL語句,如下面的範例:
我有一個含4個欄位(columns)的表,CollCode和CollSeq是鍵,TermType和TermText是可修改的數據。 該代碼說明如何使用參數(而不是SQL中的文本值)來插入、更新或刪除行。 該代碼只適用於ACCESS;SQL SERVER或MySQL需要不同的代碼,並且使用不同的DbTypes。
在程序的第一部分
:在程序的處理部
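' Connection shared by every command in this sample. It is declared first
' because the commands below are constructed with it. This listing does not
' show DbConn.Open(); the connection must be open before a command is executed.
Dim DbConn As New OleDbConnection(SqlProv)

' select
' The ? marker is filled in from the parameter at execution time, so the
' value travels as data and never becomes part of the SQL text.
Dim SQLaxSelect As String = "SELECT DISTINCT CollSeq FROM SearchTerms WHERE CollCode = ? ORDER BY CollSeq"
Dim DRaxSelect As OleDbDataReader = Nothing
Dim DCaxSelect As OleDbCommand
Dim axSelP1 As New OleDbParameter("@CollCode", OleDbType.VarChar, 4)
DCaxSelect = New OleDbCommand(SQLaxSelect, DbConn)
DCaxSelect.Parameters.Add(axSelP1)

' Insert
' The OLE DB provider matches parameters to ? markers by position, not by
' name: the Add calls below must stay in the same order as the markers in
' the statement (CollCode, CollSeq, TermType, TermText).
Dim SQLTwInsert As String = "INSERT INTO SearchTerms (CollCode, CollSeq, TermType, TermText) VALUES (?, ?, ?, ?)"
Dim DRTwInsert As OleDbDataReader = Nothing
Dim DCCTwInsert As OleDbCommand
Dim TwInsP1 As New OleDbParameter("@CollCode", OleDbType.VarChar, 4)
Dim TwInsP2 As New OleDbParameter("@CollSeq", OleDbType.Integer, 4)
Dim TwInsP3 As New OleDbParameter("@TermType", OleDbType.VarChar, 4)
Dim TwInsP4 As New OleDbParameter("@TermText", OleDbType.VarChar, 255)
DCCTwInsert = New OleDbCommand(SQLTwInsert, DbConn)
DCCTwInsert.Parameters.Add(TwInsP1)
DCCTwInsert.Parameters.Add(TwInsP2)
DCCTwInsert.Parameters.Add(TwInsP3)
DCCTwInsert.Parameters.Add(TwInsP4)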
' Delete
' The WHERE clause names the two key columns plus the values the row is
' expected to still hold, so a row whose TermType/TermText no longer match
' is not deleted.
Dim SQLTwDelete As String = "DELETE FROM SearchTerms WHERE CollCode = ? AND CollSeq = ? AND TermType = ? AND TermText = ?"
Dim DRTwDelete As OleDbDataReader = Nothing
Dim TwDelP1 As New OleDbParameter("@CollCode", OleDbType.VarChar, 4)
Dim TwDelP2 As New OleDbParameter("@CollSeq", OleDbType.Integer, 4)
Dim TwDelP3 As New OleDbParameter("@TermType", OleDbType.VarChar, 4)
Dim TwDelP4 As New OleDbParameter("@TermText", OleDbType.VarChar, 255)
Dim DCCTwDelete As New OleDbCommand(SQLTwDelete, DbConn)
' Parameters are bound to the ? markers by position, so they are added in
' the same order as the markers appear in the statement.
With DCCTwDelete.Parameters
    .Add(TwDelP1)
    .Add(TwDelP2)
    .Add(TwDelP3)
    .Add(TwDelP4)
End With
' Update
' Six ? markers: the two new values in the SET clause first, then the key
' columns and the old values in the WHERE clause.
Dim SQLTwUpdate As String = "UPDATE SearchTerms SET TermType = ?, TermText = ? WHERE CollCode = ? AND CollSeq = ? AND TermType = ? AND TermText = ?"
Dim DRTwUpdate As OleDbDataReader = Nothing
Dim TwUpdP1 As New OleDbParameter("@TermType", OleDbType.VarChar, 4)
Dim TwUpdP2 As New OleDbParameter("@TermText", OleDbType.VarChar, 255)
Dim TwUpdP3 As New OleDbParameter("@CollCode", OleDbType.VarChar, 4)
Dim TwUpdP4 As New OleDbParameter("@CollSeq", OleDbType.Integer, 4)
Dim TwUpdP5 As New OleDbParameter("@oldTermType", OleDbType.VarChar, 4)
Dim TwUpdP6 As New OleDbParameter("@oldTermText", OleDbType.VarChar, 255)
Dim DCCTwUpdate As New OleDbCommand(SQLTwUpdate, DbConn)
' Binding is positional: P1..P6 are added in marker order. Swapping two Add
' calls would silently bind a value to the wrong column.
With DCCTwUpdate.Parameters
    .Add(TwUpdP1)
    .Add(TwUpdP2)
    .Add(TwUpdP3)
    .Add(TwUpdP4)
    .Add(TwUpdP5)
    .Add(TwUpdP6)
End With
:
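'select
' The right-hand side is a placeholder for your own value. It is bound as
' data, so quotes inside it need no doubling or escaping.
axSelP1.Value = requested key value CollCode
Try
    DRaxSelect = DCaxSelect.ExecuteReader()
    ' Each pass overwrites CollSeq; after the loop it holds the value of the
    ' last row that was read.
    Do While (DRaxSelect.Read())
        'get value, first SELECTed value has index 0
        CollSeq = GetDbIntegerValue(DRaxSelect, 0) ' routine to convert NULL in 0
    Loop
Catch ex As Exception
    ' Placeholder for your own error reporting. Log the details; avoid
    ' showing raw provider error text to end users.
    your type of report exception
Finally
    ' Dispose also closes the reader, so no separate Close() call on the
    ' already-disposed object is needed.
    If DRaxSelect IsNot Nothing Then
        DRaxSelect.Dispose()
    End If
End Try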
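' Update
' The right-hand sides are placeholders for your own values. They are bound
' as data through the parameters, never concatenated into the SQL text.
TwUpdP1.Value = new value TermType
TwUpdP2.Value = new value TermText
TwUpdP3.Value = key value CollCode
TwUpdP4.Value = key value CollSeq
TwUpdP5.Value = old value TermType to avoid updating a row that 1 millisecond earlier was modified by someone else
TwUpdP6.Value = old value TermText
Try
    ' UPDATE returns no result set, so it is run with ExecuteNonQuery, which
    ' returns the number of rows changed. No reader is opened, so there is
    ' nothing to close afterwards.
    Dim rowsUpdated As Integer = DCCTwUpdate.ExecuteNonQuery()
    If rowsUpdated = 0 Then
        ' No row matched the key plus the old values: the row was changed or
        ' removed in the meantime and nothing was updated. Report or retry
        ' here instead of treating the update as successful.
    End If
Catch ex As Exception
    ' Placeholder for your own error reporting.
    your type of report exception
End Try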
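' Insert
' The right-hand sides are placeholders for your own values. They are bound
' as data through the parameters, never concatenated into the SQL text.
TwInsP1.Value = new key value CollCode
TwInsP2.Value = new key value CollSeq
TwInsP3.Value = value TermType
TwInsP4.Value = value TermText
Try
    ' INSERT returns no result set, so it is run with ExecuteNonQuery rather
    ' than ExecuteReader. No reader is opened, so there is nothing to close.
    DCCTwInsert.ExecuteNonQuery()
Catch ex As Exception
    ' Placeholder for your own error reporting.
    your type of report exception
End Try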
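' Delete
' The right-hand sides are placeholders for your own values. They are bound
' as data through the parameters, never concatenated into the SQL text.
TwDelP1.Value = key value CollCode
TwDelP2.Value = key value CollSeq
TwDelP3.Value = old value TermType to avoid deleting a row that 1 millisecond earlier was modified by someone else
TwDelP4.Value = old value TermText
Try
    ' DELETE returns no result set, so it is run with ExecuteNonQuery, which
    ' returns the number of rows removed. No reader is opened, so there is
    ' nothing to close afterwards.
    Dim rowsDeleted As Integer = DCCTwDelete.ExecuteNonQuery()
    If rowsDeleted = 0 Then
        ' No row matched the key plus the old values: the row was changed or
        ' already removed and nothing was deleted. Report it here instead of
        ' treating the delete as successful.
    End If
Catch ex As Exception
    ' Placeholder for your own error reporting.
    your type of report exception
End Try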
我的例行程序(在一個模塊)
''' <summary>
''' Reads one column of the reader's current row as an Integer, returning 0
''' when the column holds a database NULL.
''' </summary>
''' <param name="Dr">Reader positioned on the row to read.</param>
''' <param name="nr">Zero-based index of the column in the SELECT list.</param>
''' <returns>The column value, or 0 for NULL.</returns>
Friend Function GetDbIntegerValue(ByVal Dr As OleDbDataReader, ByVal nr As Integer) As Integer
    ' The If operator short-circuits, so GetInt32 is only called when the
    ' column is not NULL.
    Return If(IsDBNull(Dr.Item(nr)), 0, Dr.GetInt32(nr))
End Function
如果要顯示多個記錄並插入/編輯/刪除它們,可以使用ASP.Net的GridView使用SqlDataSource。如果你想找什麼,我可以上傳更多。 http://www.asp.net/general/videos/lesson-8-working-with-the-gridview-and-formview – Win
這與經典asp比vb.net更有共同之處 –