我試圖使用VB按鈕將數據插入到數據庫中,但它不斷提出我有適用於異常的錯誤消息。SQL命令不會插入到數據庫
任何人都可以幫助我爲什麼這不更新數據庫?
Protected Sub Button1_Click(sender As Object, e As System.EventArgs) Handles Button1.Click
Dim connetionString As String
Dim sqlCnn As SqlConnection
Dim sql As String
Dim adapter As New SqlDataAdapter
Dim Customer As String = TextBox1.Text
Dim Product As String = TextBox2.Text
Dim Location As String = TextBox3.Text
Dim Details As String = TextBox4.Text
Dim Owners As String = DropDownList1.Text
Dim Urgency As String = DropDownList2.Text
connetionString = "Data Source=ZUK55APP02;Initial Catalog=BugFixPortal;User ID=SLC***;Password=rep***"
sql = "INSERT INTO Requests (Owner, Customer, Product, Location, Urgency, Details) VALUES ('" & Owners & ", " & Customer & ", " & Product & ", " & Location & ", " & Urgency & ", " & Details & "')"
sqlCnn = New SqlConnection(connetionString)
Try
sqlCnn.Open()
adapter.UpdateCommand = sqlCnn.CreateCommand
adapter.UpdateCommand.CommandText = sql
adapter.UpdateCommand.ExecuteNonQuery()
sqlCnn.Close()
Catch ex As Exception
MsgBox("Unable to update Database with Request - Please speak to Supervisor!")
End Try
End Sub
不要吐出固定的文字一個db異常。該例外應該包含確切的錯誤信息。最像你有一個SQL語法錯誤,由於有一個大開放的SQL注入問題。 –
顯然,你仍然夠新手來連接來自用戶可輸入字段的字符串。您很容易受到SQL注入的影響。 –
不錯,@ X-Zero。 – Yatrix