[英]Creating Search Function using Vb.Net in Visual Studio and SQL Server Database
[英]how to search records in sql server using vb.net
抱歉,我是vb.net的新程序員,所以我需要一些幫助。 我不熟悉sql server,這是我插入員工信息時的代碼。 它工作正常,我的問題是如何僅使用emp_id搜索此記錄
Dim mycommand As SqlCommand
myconnection = New SqlConnection("server=;uid=admin;pwd=;database=payroll")
myconnection.Open()
mycommand = New SqlCommand("INSERT INTO employee_info([employee_id],
[first_name],[last_name],[middle_name],[email],[telephone],
[gender],[status],[date_birth],[hire_date],[street_add],[city],
[state_province]) values ('" & Employee_idTextBox.Text & "','" &
First_nameTextBox.Text & "','" & Last_nameTextBox.Text & "','" &
Middle_nameTextBox.Text & "','" & EmailTextBox.Text & "','" &
TelephoneTextBox.Text & "','" & GenderTextBox.Text & "','" &
StatusTextBox.Text & "','" & Date_birthDateTimePicker.Value.Date &
"','" & Hire_dateDateTimePicker.Value.Date & "','" &
Street_addTextBox.Text & "','" & CityTextBox.Text & "','" &
State_provinceTextBox.Text & "')", myconnection)
mycommand.ExecuteNonQuery()
myconnection.Close()
就像其他人指出的那樣,您應該參數化INSERT
以避免SQL Injection漏洞。
這是通過Employee_ID
檢索新插入的Employee記錄的方法
Dim dbConn as SqlConnection
Dim myCommand As SqlCommand
dbConn = New SqlConnection("server=;uid=admin;pwd=;database=payroll")
dbConn.Open()
myCommand = New SqlCommand("SELECT * FROM employee_info WHERE employee_id = @EmployeeId", dbConn)
myCommand.Parameters.AddWithValue("@ EmployeeId", employeeId)
' employeeId in above line is the variable that contains the actual id you want to retrieve
myDataReader = myCommand.ExecuteReader()
' do stuff with the data in myDataReader here
' ...
' .....
myDataReader.Close()
dbConn.Close()
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.