stackoom
  简体   繁体   中英

How to insert into Visual Studio Database using vb.net

 原文  2015-12-08 01:58:07       vb.net/ visual-studio/ visual-studio-2015

Question

I'm using Visual Studio 2015 and I can't get my code to insert data into Visual Studio database. There are no error and the aspx page run fine but the data is not being write. Here is my code: 

Dim strConnectionString As String = System.Configuration.ConfigurationManager.ConnectionStrings("Project1ConnectionString").ConnectionString
    Dim drCart As SqlDataReader
    Dim strSQLStatement As String
    Dim cmdSQL As SqlCommand
    strSQLStatement = "SELECT * FROM OrderHead"
    Dim conn As New SqlConnection(strConnectionString)
    cmdSQL = New SqlCommand(strSQLStatement, conn)
    conn.Open()
    drCart = cmdSQL.ExecuteReader()

    Dim ExpCard = CMonth.Text + CYear.Text
    Dim Fname = FristTxt.Text
    Dim Lname = LastTxt.Text
    Dim Address1 = AddTxt1.Text
    Dim Address2 = AddTxt2.Text
    Dim City = CityTxt.Text
    Dim State = StateDList.Text
    Dim ZipCode = ZipTxt.Text
    Dim PhoneNum = NumTxt.Text
    Dim CreditNum = CNumber.Text
    Dim CreditType = CtypeList.Text

    If drCart.Read() Then

        Dim strSQLStatement2 = "Insert into OrderHead (FirstName, LastName, StreetAddress, City, State, Zip, PhoneNumber, CreditCard, CreditType, ExpDate, StreetAddress2) VALUES (" & Trim(Fname) &
            ", " & Trim(Lname) & ", " & Trim(Address1) & ", " & Trim(City) & ", " & Trim(State) &
            ", " & CInt(ZipCode) & ", " & CInt(PhoneNum) & ", " & CInt(CreditNum) & ", " & Trim(CreditType) &
            ", " & CInt(ExpCard) & ", " & Trim(Address2) & "')"
        Dim conn2 As New SqlConnection(strConnectionString)
        conn2.Open()
        Dim cmdSQL2 = New SqlCommand(strSQLStatement2, conn2)
        drCart = cmdSQL2.ExecuteReader()
        conn2.Close()
    End If

I be greatly appreciated if you can point out my error.

1 answers

solution1
 0  2015-12-08 14:30:57

As Plutonix says: ExecuteReader is for reading the results of a SELECT query a row at a time. You want ExecuteNonQuery to run an INSERT query.

Also, NEVER use concatenation to build a query with user input. In some cases you might find it useful to build queries from pre-defined strings, but with random input, a person with bad intentions could wipe out your entire database with the right input. Use Parameters !!

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Update Access database using Visual Studio 2015 - VB.net How to Count Values in Access Database using Visual Studio VB.NET How to Create a New Record in an Access Database using Visual Studio 2019 (VB.NET) Button Click how to clear/refresh DataBind in VB.net using visual studio Using SOAPContext in Visual Studio vb.net Using Visual Studio Code for vb.net : How to enable vb.net intellisense? how to insert multiple records in Access database using VB.NET How to insert image in MySQL Database and retrive it using vb.net? Cannot insert into database using vb.net insert into database using vb.net
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM