在vbnet中插入新行

Question

這是我如何在vb.net中在MYSQL上插入一個新人

Dim cmd2 As New MySqlCommand("INSERT INTO login (username, password) VALUES (username ,
 password)", db_con)

或者有更好的方法來做到這一點。

Answer 1

使用參數化查詢來防止SQL注入或甚至更好地使用存儲過程。

Imports System
Imports System.Collections.Generic
Imports System.Linq
Imports System.Text

Imports System.Data
Imports MySql.Data
Imports MySql.Data.MySqlClient

Module Module1

    Sub Main()
        Dim conn As New MySqlConnection()
        conn.ConnectionString = "xyz"
        Dim cmd As New MySqlCommand()


       'Here we execute a command to insert data via stored procedure
        Try
            Console.WriteLine("Connecting to MySQL...")
            conn.Open()
            cmd.Connection = conn

            cmd.CommandText = "add_emp"
            cmd.CommandType = CommandType.StoredProcedure

            cmd.Parameters.AddWithValue("@uname", "Jeremy")
            cmd.Parameters("@uname").Direction = ParameterDirection.Input

            cmd.Parameters.AddWithValue("@pword", "123abc")
            cmd.Parameters("@pword").Direction = ParameterDirection.Input

            cmd.Parameters.AddWithValue("@empno", MySqlDbType.Int32)
            cmd.Parameters("@empno").Direction = ParameterDirection.Output

            cmd.ExecuteNonQuery()

            Console.WriteLine("Employee number: " & cmd.Parameters("@empno").Value)
        Catch ex As MySql.Data.MySqlClient.MySqlException
            Console.WriteLine(("Error " & ex.Number & " has occurred: ") + ex.Message)
        End Try
        conn.Close()
        Console.WriteLine("Done.")

    End Sub

End Module

Sub Main()
    Dim conn As New MySqlConnection()
    conn.ConnectionString = "server=localhost;user=root;database=world;port=3306;password=******;"
    Dim cmd As New MySqlCommand()

    'HERE WE EXECUTE A COMMAND TO CREATE THE TABLE AND STORED PROCEDURE
    Try
        Console.WriteLine("Connecting to MySQL...")
        conn.Open()
        cmd.Connection = conn
        cmd.CommandText = "DROP PROCEDURE IF EXISTS add_emp"
        cmd.ExecuteNonQuery()
        cmd.CommandText = "DROP TABLE IF EXISTS emp"
        cmd.ExecuteNonQuery()
        cmd.CommandText = "CREATE TABLE emp (empno INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, user_name VARCHAR(20), password VARCHAR(20))"
        cmd.ExecuteNonQuery()

        cmd.CommandText = "CREATE PROCEDURE add_emp(" & "IN uname VARCHAR(20), IN pword VARCHAR(20), OUT empno INT)" & "BEGIN INSERT INTO emp(user_name, password, birthdate) " & "VALUES(uname, pword); SET empno = LAST_INSERT_ID(); END"

        cmd.ExecuteNonQuery()
    Catch ex As MySqlException
        Console.WriteLine(("Error " & ex.Number & " has occurred: ") + ex.Message)
    End Try
    conn.Close()
    Console.WriteLine("Connection closed.")
End Sub

Answer 2

為了防止SQL注入你必須使用參數化查詢。我給你一個函數的參考，你必須使你的函數像這樣的東西，如

插入功能

Public Shared Function InsertFile(ByVal name As String, ByVal pwd As String) As Integer
Dim sql As String
sql = "insert into login (username,password) values (?uname, ?upass);"
Dim params1(2) As MySqlParameter
params1(1) = New MySqlParameter("?uname", name )
params1(2) = New MySqlParameter("?upass", pwd )
Return MySqlHelper.ExecuteNonQuery(sql, params1)
End Function

現在創建一個新的ExecuteNonQuery函數來執行查詢

ExecuteNonQuery函數

Public Shared Function ExecuteNonQuery(ByVal sql As String, ByVal params() As MySqlParameter) As Integer
Dim cnn As New MySqlConnection(connectionstring)
Dim cmd As New MySqlCommand(sql, cnn)
For i As Integer = 0 To params.Length - 1
cmd.Parameters.Add(params(i))
Next
cnn.Open()
Dim retval As Integer = cmd.ExecuteNonQuery()
cnn.Close()
Return retval
End Function

這就是方式，希望你理解。

Answer 3

INSERT INTO登錄（用戶名，密碼）VALUES（？，？）