
VB.Net using & _ to carry to next line

Error Error 1 Operator '&' is not defined for types 'String' and 'System.Windows.Forms.TextBox'.

What is wrong with this????!??

       SQL = "UPDATE ATG_PP_QTE_HEAD SET " & _
            "PART = '" & txtPart.Text & "', " & _
            "LOCATION = '" & txtLoc.Text & "', " & _
            "DESCRIPTION = '" & txtDescription.Text & "', " & _
            "CUSTOMER = '" & txtCustID.Text & "', " & _
            "CONTACT_NAME = '" & txtContactName.Text & "', " & _
            "CONTACT_PHONE = '" & txtPhone.Text & "', " & _
            "CONTACT_EMAIL = '" & txtEmail.Text & "', " & _
            "LEAD_TIME = '" & txtLead.Text & "', " & _
            "SETUP = " & txtSetup.Text & ", " & _
            "WEIGHTPP = " & txtPCWT.Text & ", " & _
            "NOTES = '" & txtNotes.Text & "', " & _
            "LAST_MODIFIED = '" & DateTime.Now & "', " & _
            "LABOR_RATE = " & txtLabor.Text & ", " & _
            "OVERHEAD = " & txtOH.Text & ", " & _
            "GA = " & txtGA.Text & ", " & _
            "SORT_CODE = '" & txtSortCode.Text & "', " & _
            "REFERENCE = '" & txtReference.Text & "', " & _
            "PL = '" & txtPL.Text & "', " & _
            "CUST_DRAW_NO = '" & txtCustDraw.Text & "', " & _
            "COMMISSION = " & txtCommission.Text & ", " & _
            "PCWT = " & txtPCWT & _
            "WHERE QUOTE_ID = " & txtQuoteID.Text

What is wrong with this????!??

Quite a bit, actually. But let's start with the error itself...

On this line:

"PCWT = " & txtPCWT & _

You're trying to concatenate a TextBox to a String. As the error states, you can't do that. Perhaps you meant to use the .Text property:

"PCWT = " & txtPCWT.Text & _

Now, what else is wrong?

First, your code is highly vulnerable to SQL injection attacks. You're going to want to use parameterized queries instead of executing user input as code.

Second, using parameterized queries will make the code a lot easier to read and support, which will make errors like this much easier to find.

Third, on this line there's a significant potential for bugs:

"LAST_MODIFIED = '" & DateTime.Now & "', " & _

Using parameterized queries will remove the culture-dependent string representations from the query and use the actual DateTime data in the query. And you should also get into the habit of using DateTime.UtcNow instead, as having a consistent non-timezone-dependent value is going to make things a lot easier when you have to deal with multiple time zones.
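The parameterized form recommended in the answer, sketched for a few of the question's columns; the remaining columns follow the same pattern. This is an added example, not code from the original question or answer. It assumes SQL Server through System.Data.SqlClient, guessed column types and sizes, and the hypothetical names QuoteUpdate, UpdateQuote and ParseDecimal.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization

Public Module QuoteUpdate
    ' Assumption: SQL Server via System.Data.SqlClient. Column types are guessed from
    ' how the question quotes (strings) or does not quote (numbers) each value.
    Private Const UpdateSql As String =
        "UPDATE ATG_PP_QTE_HEAD SET " &
        "PART = @Part, " &
        "NOTES = @Notes, " &
        "SETUP = @Setup, " &
        "PCWT = @Pcwt, " &
        "LAST_MODIFIED = @LastModified " &
        "WHERE QUOTE_ID = @QuoteId"

    ' Hypothetical helper: reject non-numeric input before it reaches the database.
    Private Function ParseDecimal(field As String, raw As String) As Decimal
        Dim value As Decimal
        If Not Decimal.TryParse(raw, NumberStyles.Number, CultureInfo.CurrentCulture, value) Then
            Throw New FormatException(field & " must be a number.")
        End If
        Return value
    End Function

    ' Returns the number of rows updated (1 is expected when QUOTE_ID is a key).
    Public Function UpdateQuote(connectionString As String, quoteId As Integer,
                                part As String, notes As String,
                                setupText As String, pcwtText As String) As Integer
        Using conn As New SqlConnection(connectionString),
              cmd As New SqlCommand(UpdateSql, conn)
            ' Values travel as typed parameters, never as SQL text, so a quote
            ' character in txtNotes.Text cannot change the statement.
            cmd.Parameters.Add("@Part", SqlDbType.NVarChar, 50).Value = part      ' size assumed
            cmd.Parameters.Add("@Notes", SqlDbType.NVarChar, -1).Value = notes    ' -1 = MAX
            cmd.Parameters.Add("@Setup", SqlDbType.Decimal).Value = ParseDecimal("SETUP", setupText)
            cmd.Parameters.Add("@Pcwt", SqlDbType.Decimal).Value = ParseDecimal("PCWT", pcwtText)
            ' A real DateTime value, so no culture-dependent string formatting is involved.
            cmd.Parameters.Add("@LastModified", SqlDbType.DateTime).Value = DateTime.UtcNow
            cmd.Parameters.Add("@QuoteId", SqlDbType.Int).Value = quoteId
            conn.Open()
            Return cmd.ExecuteNonQuery()
        End Using
    End Function
End Module
```

Because each call site passes `txtPCWT.Text` as a `String` argument, passing the `TextBox` itself becomes a compile-time type error at one obvious place instead of being buried in a long concatenation.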
