
VB.Net using & _ to carry to next line

Error Error 1 Operator '&' is not defined for types 'String' and 'System.Windows.Forms.TextBox'.

What is wrong with this????!??

       SQL = "UPDATE ATG_PP_QTE_HEAD SET " & _
            "PART = '" & txtPart.Text & "', " & _
            "LOCATION = '" & txtLoc.Text & "', " & _
            "DESCRIPTION = '" & txtDescription.Text & "', " & _
            "CUSTOMER = '" & txtCustID.Text & "', " & _
            "CONTACT_NAME = '" & txtContactName.Text & "', " & _
            "CONTACT_PHONE = '" & txtPhone.Text & "', " & _
            "CONTACT_EMAIL = '" & txtEmail.Text & "', " & _
            "LEAD_TIME = '" & txtLead.Text & "', " & _
            "SETUP = " & txtSetup.Text & ", " & _
            "WEIGHTPP = " & txtPCWT.Text & ", " & _
            "NOTES = '" & txtNotes.Text & "', " & _
            "LAST_MODIFIED = '" & DateTime.Now & "', " & _
            "LABOR_RATE = " & txtLabor.Text & ", " & _
            "OVERHEAD = " & txtOH.Text & ", " & _
            "GA = " & txtGA.Text & ", " & _
            "SORT_CODE = '" & txtSortCode.Text & "', " & _
            "REFERENCE = '" & txtReference.Text & "', " & _
            "PL = '" & txtPL.Text & "', " & _
            "CUST_DRAW_NO = '" & txtCustDraw.Text & "', " & _
            "COMMISSION = " & txtCommission.Text & ", " & _
            "PCWT = " & txtPCWT & _
            "WHERE QUOTE_ID = " & txtQuoteID.Text

What is wrong with this????!??

Quite a bit, actually. But let's start with the error itself...

On this line:

"PCWT = " & txtPCWT & _

You're trying to concatenate a TextBox to a String. As the error states, you can't do that. Perhaps you meant to use the .Text property:

"PCWT = " & txtPCWT.Text & _

Now, what else is wrong?

First, your code is highly vulnerable to SQL injection attacks. You're going to want to use parameterized queries instead of executing user input as code.

Second, using parameterized queries will make the code a lot easier to read and support, which will make errors like this much easier to find.

Third, on this line there's a significant potential for bugs:

"LAST_MODIFIED = '" & DateTime.Now & "', " & _

Using parameterized queries will remove the culture-dependent string representations from the query and use the actual DateTime data in the query. And you should also get into the habit of using DateTime.UtcNow instead, as having a consistent non-timezone-dependent value is going to make things a lot easier when you have to deal with multiple time zones.
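
The parameterized form of the UPDATE that the answer above recommends, as an added example that is not part of the original post. It assumes SQL Server through System.Data.SqlClient; the column types and sizes are guesses, only a subset of the columns is shown, and the names ParseDecimal, BuildUpdateCommand and SaveQuote are hypothetical.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization

Module QuoteUpdate
    ' Hypothetical helper: reject non-numeric input before it reaches the database.
    Private Function ParseDecimal(fieldName As String, raw As String) As Decimal
        Dim value As Decimal
        If Not Decimal.TryParse(raw, NumberStyles.Number, CultureInfo.CurrentCulture, value) Then
            Throw New ArgumentException(fieldName & " must be a number.")
        End If
        Return value
    End Function

    ' Builds the UPDATE with placeholders; user input travels only as parameter values.
    ' Column types and sizes are assumed; the remaining columns follow the same pattern.
    Function BuildUpdateCommand(conn As SqlConnection, quoteId As Integer, _
                                part As String, notes As String, _
                                setupText As String, pcwtText As String) As SqlCommand
        Dim sql As String = "UPDATE ATG_PP_QTE_HEAD SET " & _
            "PART = @part, " & _
            "NOTES = @notes, " & _
            "SETUP = @setup, " & _
            "PCWT = @pcwt, " & _
            "LAST_MODIFIED = @lastModified " & _
            "WHERE QUOTE_ID = @quoteId"
        Dim cmd As New SqlCommand(sql, conn)
        cmd.Parameters.Add("@part", SqlDbType.VarChar, 50).Value = part
        cmd.Parameters.Add("@notes", SqlDbType.VarChar, 4000).Value = notes
        cmd.Parameters.Add("@setup", SqlDbType.Decimal).Value = ParseDecimal("SETUP", setupText)
        cmd.Parameters.Add("@pcwt", SqlDbType.Decimal).Value = ParseDecimal("PCWT", pcwtText)
        ' Typed DateTime in UTC: no culture-dependent string formatting in the query.
        cmd.Parameters.Add("@lastModified", SqlDbType.DateTime).Value = DateTime.UtcNow
        cmd.Parameters.Add("@quoteId", SqlDbType.Int).Value = quoteId
        Return cmd
    End Function

    ' The caller supplies the connection string and the TextBox .Text values.
    Function SaveQuote(connectionString As String, quoteId As Integer, _
                       part As String, notes As String, _
                       setupText As String, pcwtText As String) As Integer
        Using conn As New SqlConnection(connectionString)
            Using cmd As SqlCommand = BuildUpdateCommand(conn, quoteId, part, notes, setupText, pcwtText)
                conn.Open()
                Return cmd.ExecuteNonQuery() ' number of rows updated
            End Using
        End Using
    End Function
End Module
```

Because every value is bound as a typed parameter, a quote character in a field such as NOTES is stored as data and cannot alter the statement, and passing a TextBox instead of its .Text no longer hides inside a long concatenation.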
