打开字符串')'后的引号
Open the quotes after the character string ')'
我尝试向我的 table 中插入数据,但问题是给我一个错误
子句 Return Cmd.ExecuteReader:
Open the quotes after the character string ')'
这里是我的文件 MyModule.VB 中的代码。
Public 模块 MyModule1
Public ServerName As String = "MIRA"
Public dataBaseName As String = "BaseDB"
Public Cn As New SqlConnection("server=" & ServerName & "; initial catalog=" & dataBaseName & " ; integrated security= true")
Public Cmd As New SqlCommand
Public Dr As SqlDataReader
Public Sub OpenCn()
If Cn.State <> ConnectionState.Open Then
Cn.Open()
End If
End Sub
Public Sub CloseCn()
If Cn.State = ConnectionState.Open Then
Cn.Close()
End If
End Sub
'Type r = select w insert updaate delete
Public Function ExecSQL(ByVal sql As String, Optional ByVal type As String = "r")
OpenCn()
Cmd.CommandType = CommandType.Text
Cmd.CommandText = sql
Cmd.Connection = Cn
If type = "r" Then
Return Cmd.ExecuteReader
Else
Return Cmd.ExecuteNonQuery
End If
CloseCn()
End Function
Public Function AddDB(ByVal natureD As String, ByVal codeP As String, ByVal exigence As String, ByVal nomE As String, ByVal Dt As String, ByVal equipe As String, ByVal Dat1 As String, ByVal Suivi As String)
Return ExecSQL("insert into DossierB values('" & natureD & "', '" & codeP & "', '" & exigence & "', '" & nomE & "', '" & Dt & "', '" & equipe & "', '" & Dat1 & "', '" & Suivi & "' )")
End Function
End Sub
这里是 AjoutDB.aspx.vb
的代码
Public Class AjoutDB
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
End Sub
Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim natureD = Request.Form("DropDownList1")
Dim codeP = Request.Form("TextBox2")
Dim exigence = Request.Form("TextBox5")
Dim nomE = Request.Form("TextBox4")
Dim dt = Request.Form("TextBox8")
Dim equipe = Request.Form("TextBox6")
Dim Dat1 = Request.Form("TextBox9")
Dim Suivi = Request.Form("TextBox7")
AddDB(natureD, codeP, exigence, nomE, dt, equipe, Dat1, Suivi)
MsgBox("données inserees")
End Sub
结束Class
非常感谢
您需要参数化您的查询。这并不能直接回答您的问题,但在您对查询进行参数化之前,您可能会看到无穷无尽的错误。
事实上,您的数据库很容易被攻击者操纵。事实上,您的整台机器的安全都可能处于危险之中。
这里有一个基本的解释和一个参数化的例子:
我尝试向我的 table 中插入数据,但问题是给我一个错误 子句 Return Cmd.ExecuteReader:
Open the quotes after the character string ')'
这里是我的文件 MyModule.VB 中的代码。 Public 模块 MyModule1
Public ServerName As String = "MIRA"
Public dataBaseName As String = "BaseDB"
Public Cn As New SqlConnection("server=" & ServerName & "; initial catalog=" & dataBaseName & " ; integrated security= true")
Public Cmd As New SqlCommand
Public Dr As SqlDataReader
Public Sub OpenCn()
If Cn.State <> ConnectionState.Open Then
Cn.Open()
End If
End Sub
Public Sub CloseCn()
If Cn.State = ConnectionState.Open Then
Cn.Close()
End If
End Sub
'Type r = select w insert updaate delete
Public Function ExecSQL(ByVal sql As String, Optional ByVal type As String = "r")
OpenCn()
Cmd.CommandType = CommandType.Text
Cmd.CommandText = sql
Cmd.Connection = Cn
If type = "r" Then
Return Cmd.ExecuteReader
Else
Return Cmd.ExecuteNonQuery
End If
CloseCn()
End Function
Public Function AddDB(ByVal natureD As String, ByVal codeP As String, ByVal exigence As String, ByVal nomE As String, ByVal Dt As String, ByVal equipe As String, ByVal Dat1 As String, ByVal Suivi As String)
Return ExecSQL("insert into DossierB values('" & natureD & "', '" & codeP & "', '" & exigence & "', '" & nomE & "', '" & Dt & "', '" & equipe & "', '" & Dat1 & "', '" & Suivi & "' )")
End Function
End Sub
这里是 AjoutDB.aspx.vb
的代码Public Class AjoutDB
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
End Sub
Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim natureD = Request.Form("DropDownList1")
Dim codeP = Request.Form("TextBox2")
Dim exigence = Request.Form("TextBox5")
Dim nomE = Request.Form("TextBox4")
Dim dt = Request.Form("TextBox8")
Dim equipe = Request.Form("TextBox6")
Dim Dat1 = Request.Form("TextBox9")
Dim Suivi = Request.Form("TextBox7")
AddDB(natureD, codeP, exigence, nomE, dt, equipe, Dat1, Suivi)
MsgBox("données inserees")
End Sub
结束Class 非常感谢
您需要参数化您的查询。这并不能直接回答您的问题,但在您对查询进行参数化之前,您可能会看到无穷无尽的错误。
事实上,您的数据库很容易被攻击者操纵。事实上,您的整台机器的安全都可能处于危险之中。
这里有一个基本的解释和一个参数化的例子: