New to SQL and having issues with Syntax (VB.NET)
Posted: 2021-10-16 20:08:02
Question:
Overall I'm pretty new to SQL and databases (currently taking an intro class in college) and I've hit a few roadblocks. I'm building a PTO (paid time off) tracker for the people in my department (they're like children and can't keep track of their own stuff with the tools we already have). I currently have working code that adds the appropriate record to my database when the person enters their total PTO hours, but when I try to edit that record I keep getting a syntax error.
I'm trying to reduce/update the database entry based on what is calculated into two labels so it's easier to read in the application. I've looked at multiple YouTube videos and threads and still nothing has helped (which is why I'm here). Below is the code I currently have in the click event of the "Submit PTO" button:
```vb
Private Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
    'Declare variables for the duration of PTO taken.
    Dim startTime As DateTime
    Dim endTime As DateTime
    Dim duration As TimeSpan
    'Declare double variables for Bank and Protected time.
    Dim dblBank As Double = lblBank.Text
    Dim dblProtected As Double = lblProtected.Text
    'Ensure there is a value selected in both combo boxes or display a message box. If times are entered correctly then process the calculations to reduce each PTO bank accordingly based off the user input.
    If cboStart.Text = "" And cboEnd.Text = "" Then
        MessageBox.Show("You must select a start and end time.", "Service Delivery PTO Tracker", MessageBoxButtons.OK, MessageBoxIcon.Error)
    Else
        'Assign the start/end combobox selection to the start/end variables And duration is equal to the difference of the selected times.
        startTime = cboStart.SelectedItem
        endTime = cboEnd.SelectedItem
        duration = endTime - startTime
        'Display the appropriate hours in the designated labels.
        lblHours.Text = duration.TotalHours
        lblBank.Text -= lblHours.Text
        'Update the values of the PTO Bank and Protected time into the database, show a messagebox that the PTO hours have been successfully updated.
        con.Open()
        Dim command As New SqlCommand("UPDATE TimeBank SET Bank = '" & dblBank & "', Protected = '" & dblProtected & "')", con)
        command.ExecuteNonQuery()
        MessageBox.Show("PTO Updated Successfully!")
        con.Close()
        'Update the datagridview in real time as the PTO is input (this is for developing only right now).
        LoadDataGrid()
        'If the radio button for Protected Time is selected then reduce both bank and protected labels based off the PTO selection.
        If radProtected.Checked Then
            lblProtected.Text -= lblHours.Text
            lblBank.Text -= lblHours.Text
        End If
    End If
    'Reset the radio button for Protected Time once the PTO selection is complete.
    radProtected.Checked = False
End Sub
```
Any help with this would be greatly appreciated. It's probably something silly, but I obviously can't find it to save my life.
Comments:
Remove the `)` at the end of the UPDATE query. Apart from that, it's fragile. Look into prepared statements to fix that.
Thanks for the quick reply. That fixed my syntax error, but I'm still not seeing an update in my database; I'll do some more research on my own. Thanks again juergen d!
Please post your SQL text as it looks after it has been built.
Turn Option Strict On, now and forever. Project Properties -> Compile tab. Also set Tools -> Options -> Projects and Solutions -> VB Defaults.
What tutorial are you learning from? I ask a lot of beginners this because they keep making the same serious mistakes over and over. I'd genuinely like to know why almost every SQL newbie turns up writing code that is wide open to SQL injection, in case there's a bad tutorial out there that needs fixing; nobody should be teaching you to write code like this.
Answer 1:
Don't try to do arithmetic with `String`s. The `Text` property contains `String`s.
Change the Protected value before you update the database. It's silly to update that field if you aren't changing it.
I'll assume you want to update a specific employee's record. I added a text box for an `Integer` employee ID. I also guessed that there is a field in the database for the Id. I called it `EmployeeID`.
`Connection`s and `Command`s need to be disposed to release unmanaged code. `Using...End Using` blocks handle this for us, even if there is an error. For that, the connection needs to be declared in a `Using` inside the method where it is used, not as a class-level variable.
Never concatenate strings with values that are going into the database. This can lead to sql injection and damage your database. Always use parameters, whose values are not seen as executable code by the database. I had to guess at the data types of the parameters. Check your database for the actual types.
```vb
'At the top of the form's code file.
Imports System.Data.SqlClient

Private Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
    'Declare double variables for Bank and Protected time.
    Dim dblBank As Double = CDbl(lblBank.Text)
    Dim dblProtected As Double = CDbl(lblProtected.Text)
    Dim intEmployeeID = CInt(txtEmployee.Text)
    'Ensure there is a value selected in both combo boxes or display a message box. If times are entered correctly then process the calculations to reduce each PTO bank accordingly based off the user input.
    If cboStart.Text = "" OrElse cboEnd.Text = "" Then
        MessageBox.Show("You must select a start and end time.", "Service Delivery PTO Tracker", MessageBoxButtons.OK, MessageBoxIcon.Error)
    Else
        'Assign the start/end combobox selection to the start/end variables And duration is equal to the difference of the selected times.
        Dim startTime = CDate(cboStart.SelectedItem)
        Dim endTime = CDate(cboEnd.SelectedItem)
        Dim duration = endTime - startTime
        'Display the appropriate hours in the designated labels.
        Dim dblHours = duration.TotalHours
        lblHours.Text = dblHours.ToString
        Dim dblBankBalance = dblBank - dblHours
        lblBank.Text = dblBankBalance.ToString
        'Protected time is only reduced when the radio button is checked; otherwise it is written back unchanged.
        Dim dblProtectedBalance = dblProtected
        'If the radio button for Protected Time is selected then reduce both bank and protected labels based off the PTO selection.
        If radProtected.Checked Then
            dblProtectedBalance = dblProtected - dblHours
            lblProtected.Text = dblProtectedBalance.ToString
            'You already did the subtraction above
            'lblBank.Text -= lblHours.Text
        End If
        'Update the values of the PTO Bank and Protected time into the database, show a messagebox that the PTO hours have been successfully updated.
        UpdateDatabase(dblBankBalance, dblProtectedBalance, intEmployeeID)
        'Update the datagridview in real time as the PTO is input (this is for developing only right now).
        LoadDataGrid()
        MessageBox.Show("PTO Updated Successfully!")
    End If
    'Reset the radio button for Protected Time once the PTO selection is complete.
    radProtected.Checked = False
End Sub

Private ConStr As String = "Your connection string"

Private Sub UpdateDatabase(Bank As Double, Protect As Double, EmpID As Integer)
    'Using disposes both the connection and the command, even if an exception is thrown.
    Using con As New SqlConnection(ConStr),
          command As New SqlCommand("UPDATE TimeBank SET Bank = @Bank, Protected = @Protect Where EmployeeID = @ID;", con)
        'Parameters keep the values out of the SQL text, so the database never treats them as executable code.
        command.Parameters.Add("@Bank", SqlDbType.Float).Value = Bank
        command.Parameters.Add("@Protect", SqlDbType.Float).Value = Protect
        command.Parameters.Add("@ID", SqlDbType.Int).Value = EmpID
        con.Open()
        command.ExecuteNonQuery()
    End Using
End Sub
```
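As an added example (not the question's or the answer's own code) that also addresses the follow-up comment about the update not showing up in the database: the same parameterized UPDATE, but it returns the rows-affected count from ExecuteNonQuery and runs inside a transaction that commits only when exactly one row matched. It assumes the answer's TimeBank table, EmployeeID column and connection-string placeholder, and Option Strict On as the comments recommend.

```vb
Option Strict On
Imports System.Data.SqlClient

Module PtoBalanceUpdate
    ' Placeholder, as in the answer; replace with your real connection string.
    Private ReadOnly ConStr As String = "Your connection string"

    ' Writes the new balances for one employee and returns the rows-affected
    ' count from ExecuteNonQuery. The UPDATE runs in a transaction and is
    ' rolled back unless exactly one row matched, so a missing WHERE clause
    ' (as in the question's original query) or a duplicate EmployeeID can
    ' never silently rewrite every employee's balance.
    Public Function UpdateEmployeeBalances(bank As Double, protect As Double, empID As Integer) As Integer
        Using con As New SqlConnection(ConStr)
            con.Open()
            Using tran As SqlTransaction = con.BeginTransaction(),
                  command As New SqlCommand(
                      "UPDATE TimeBank SET Bank = @Bank, Protected = @Protect WHERE EmployeeID = @ID;",
                      con, tran)
                ' Values travel as typed parameters; the SQL text itself is constant.
                command.Parameters.Add("@Bank", SqlDbType.Float).Value = bank
                command.Parameters.Add("@Protect", SqlDbType.Float).Value = protect
                command.Parameters.Add("@ID", SqlDbType.Int).Value = empID

                Dim rows As Integer = command.ExecuteNonQuery()
                If rows = 1 Then
                    tran.Commit()
                Else
                    tran.Rollback()
                End If
                Return rows
            End Using
        End Using
    End Function

    ' Turns the rows-affected count into the message the form should show,
    ' instead of an unconditional "PTO Updated Successfully!".
    Public Function DescribeResult(rows As Integer, empID As Integer) As String
        Select Case rows
            Case 1
                Return "PTO Updated Successfully!"
            Case 0
                Return $"Nothing saved: no TimeBank row has EmployeeID {empID}."
            Case Else
                Return $"Nothing saved: {rows} rows matched EmployeeID {empID}; the ID is not unique."
        End Select
    End Function
End Module
```

In the form, call `UpdateEmployeeBalances` where the answer calls `UpdateDatabase` and pass its return value to `DescribeResult` for the message box, so a zero-row update is reported instead of being announced as a success.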
Discussion:
This was extremely helpful, thank you so much!