SQL 新手并遇到语法问题 (VB.NET)

Posted

技术标签:

【中文标题】SQL 新手并遇到语法问题 (VB.NET)【英文标题】:New to SQL and having issues with Sytnax (VB.NET) 【发布时间】:2021-10-16 20:08:02 【问题描述】:

总的来说,我对 SQL 和数据库还很陌生(现在在大学的入门课上),我遇到了一些障碍。我正在为我部门的人构建一个带薪休假跟踪器(他们就像孩子一样,无法使用我们已有的工具跟踪自己的事情)。我目前有工作代码,当该人输入总 PTO 小时数时,它会将适当的记录添加到我的数据库中,但是在尝试编辑该记录时,我不断收到语法错误。

我正在尝试根据计算为两个标签的内容来减少/更新数据库条目,以便在应用程序中更容易阅读。我已经查看了多个 YouTube 视频和主题,但仍然没有帮助(这就是我在这里的原因)。下面是我目前在“提交 PTO”按钮的点击事件中的代码:

Private Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
    'Delcare variables for the duration of PTO taken.
    Dim startTime As DateTime
    Dim endTime As DateTime
    Dim duration As TimeSpan

    'Declare double variables for Bank and Protected time.
    Dim dblBank As Double = lblBank.Text
    Dim dblProtected As Double = lblProtected.Text

    'Ensure there is a value selected in both combo boxes or display a message box. If times are entered correctly then process the calcuations to reduce each PTO bank accordingly based off the user input.
    If cboStart.Text = "" And cboEnd.Text = "" Then
        MessageBox.Show("You must select a start and end time.", "Service Delivery PTO Tracker", MessageBoxButtons.OK, MessageBoxIcon.Error)
    Else
        'Assign the start/end combobox selection to the start/end variables And duration is equal to the difference of the selected times.
        startTime = cboStart.SelectedItem
        endTime = cboEnd.SelectedItem
        duration = endTime - startTime

        'Display the appropriate hours in the designated labels.+
        lblHours.Text = duration.TotalHours
        lblBank.Text -= lblHours.Text

        'Update the values of the PTO Bank and Protected time into the database, show a messagebox that the PTO hours have been successfully updated.

        con.Open()
        Dim command As New SqlCommand("UPDATE TimeBank SET Bank = '" & dblBank & "', Protected = '" & dblProtected & "')", con)
        command.ExecuteNonQuery()
        MessageBox.Show("PTO Updated Successfully!")
        con.Close()

        'Update the datagridview in real time as the PTO is input (this is for developing only right now).
        LoadDataGrid()

        'If the radio button for Protected Time is selected then reduce both bank and protected labels based off the PTO selection.
        If radProtected.Checked Then
            lblProtected.Text -= lblHours.Text
            lblBank.Text -= lblHours.Text
        End If
    End If

    'Reset the radio button for Protected Time once the PTO selection is complete.
    radProtected.Checked = False

End Sub

对此的任何帮助将不胜感激。这可能是一件愚蠢的事情,但我显然无法找到它来挽救我的生命。

【问题讨论】:

删除 UPDATE 查询末尾的 )。除此之外,它很脆弱。查看准备好的语句来解决这个问题 感谢您的快速回复。这修复了我的语法错误,但我仍然没有在我的数据库中看到更新,但我会自己研究更多。再次感谢 juergen d! 请在构建后提供您的 SQL 文本。 现在和永远开启 Option Strict。项目属性 -> 编译选项卡。同时设置工具 -> 选项 -> 项目和解决方案 -> VB 默认值。 你在学习什么教程?我问很多新手这个问题,因为他们一遍又一遍地犯同样的严重错误。我真的很想知道为什么几乎每个 SQL 新手都出现编写 SQL 注入易被黑客攻击的代码 - 如果那里有他们需要的糟糕教程定影;没有人应该教你写这样的代码 【参考方案1】:

不要尝试用Strings 进行算术运算。 Text 属性包含 Strings。

更新数据库后更改受保护的值。如果您不更改该字段,则更新该字段是愚蠢的。

我将假设您要更新特定员工的记录。我为Integer 的员工ID 添加了一个文本框。我还猜到数据库中有一个字段用于 Id。我叫它EmployeeID

Connections 和Commands 需要被释放以释放非托管代码。即使有错误,Using...End Using 块也会为我们处理这个问题。为此,需要在使用它们的方法中的Using 中声明连接,而不是作为类级别变量。

从不将字符串与要输入数据库的值连接起来。这可能会导致 sql 注入并损坏您的数据库。 始终使用其值不被数据库视为可执行代码的参数。我不得不猜测参数的数据类型。检查您的数据库中的实际类型。

Private Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
    'Declare double variables for Bank and Protected time.
    Dim dblBank As Double = CDbl(lblBank.Text)
    Dim dblProtected As Double = CDbl(lblProtected.Text)
    Dim intEmployeeID = CInt(txtEmployee.Text)
    'Ensure there is a value selected in both combo boxes or display a message box. If times are entered correctly then process the calcuations to reduce each PTO bank accordingly based off the user input.
    If cboStart.Text = "" OrElse cboEnd.Text = "" Then
        MessageBox.Show("You must select a start and end time.", "Service Delivery PTO Tracker", MessageBoxButtons.OK, MessageBoxIcon.Error)
    Else
        'Assign the start/end combobox selection to the start/end variables And duration is equal to the difference of the selected times.
        Dim startTime = CDate(cboStart.SelectedItem)
        Dim endTime = CDate(cboEnd.SelectedItem)
        Dim duration = endTime - startTime
        'Display the appropriate hours in the designated labels.+
        Dim dblHours = duration.TotalHours
        lblHours.Text = dblHours.ToString
        Dim dblBankBalance = dblBank - duration.TotalHours
        lblBank.Text = dblBandBalance.ToString
        'If the radio button for Protected Time is selected then reduce both bank and protected labels based off the PTO selection.
        If radProtected.Checked Then
            Dim dblProtectedBalance = dblProtected - dblHours
            lblProtected.Text = dblProtectedBalance.ToString
            'You already did the subtraction above
            'lblBank.Text -= lblHours.Text
        End If
        'Update the values of the PTO Bank and Protected time into the database, show a messagebox that the PTO hours have been successfully updated.
        UpdateDatabase()
        'Update the datagridview in real time as the PTO is input (this is for developing only right now).
        LoadDataGrid()
    End If
    MessageBox.Show("PTO Updated Successfully!")
    'Reset the radio button for Protected Time once the PTO selection is complete.
    radProtected.Checked = False
End Sub

Private ConStr As String = "Your connection string"

Private Sub UpdateDatabase(Bank As Double, Protect As Double, EmpID As Integer)
    Using con As New SqlConnection(ConStr),
            command As New SqlCommand("UPDATE TimeBank SET Bank = @Bank, Protected = @Protect Where EmployeeID = @ID;", con)
        command.Parameters.Add("@Bank", SqlDbType.Float).Value = Bank
        command.Parameters.Add("@Protect", SqlDbType.Float).Value = Protect
        command.Parameters.Add("@ID", SqlDbType.Int).Value = EmpID
        con.Open()
        command.ExecuteNonQuery()
    End Using
End Sub

【讨论】:

这非常有帮助,非常感谢!

以上是关于SQL 新手并遇到语法问题 (VB.NET)的主要内容,如果未能解决你的问题,请参考以下文章

SQL插入语句语法错误VB.net

如何解决 vb.net 中的这个 SQL 语法错误?

在 sql 语法中出现错误,vb.net 中的 mysql update 语句

将 SQL 命令从 vb .net 转换为 C#

从 VB.NET 复选框选项构建 SQL 查询时遇到问题

使用 VB.NET 应用程序手动创建 MySQL 触发器(语法错误)