visual-studio-2010 - 使用 VB 2013 的 SQL 插入查询
问题描述
Private Sub ButtonCreate_Click(sender As Object, e As EventArgs) Handles ButtonCreate.Click Try If TextUsername.Text = "" Then MsgBox("Isi terlebih dahulu ID user") Else Koneksi() CMD = New SqlCommand("SELECT username FROM tbl_pengguna WHERE username = '" + TextUsername.Text + "'", CONN) DRead = CMD.ExecuteReader DRead.Read() If Not DRead.HasRows Then Koneksi() CMD = New SqlCommand("INSERT INTO tbl_pengguna(username,password,level_user)值(?,?,?)“,CONN)
With CMD
.Parameters.AddWithValue("?", TextUsername.Text)
.Parameters.AddWithValue("?", TextPassword.Text)
.Parameters.AddWithValue("?", ComboBoxLvU.Text)
.ExecuteNonQuery()
End With
CONN.Close()
Else
Koneksi()
CMD = New SqlCommand("UPDATE tbl_pengguna SET password=?, hak_akses=? WHERE username=?", CONN)
With CMD
.Parameters.AddWithValue("?", TextPassword.Text)
.Parameters.AddWithValue("?", ComboBoxLvU.Text)
.Parameters.AddWithValue("?", TextUsername.Text)
.ExecuteNonQuery()
End With
CONN.Close()
End If
CONN.Close()
call_all()
End If
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub`enter code here`
解决方案
Private Sub ButtonCreate_Click(sender As Object, e As EventArgs) Handles ButtonCreate.Click
If TextUsername.Text = "" Then
MsgBox("Isi terlebih dahulu ID user")
Exit Sub
End If
Try
'Because of connection pooling you should create a **BRAND NEW CONNECTION OBJECT**
Using conn As New SqlConnection("connection string here"),
cmd = New SqlCommand("SELECT username FROM tbl_pengguna WHERE username = @Username", conn)
cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 20).Value = TextUsername.Text
conn.Open()
Using rdr As SqlDataReader = cmd.ExecuteReader()
cmd.Paramters.Clear()
'Use actual database column values in this section.
'Also: plain-text passwords? Is this amateur hour?
If rdr.Read()
cmd.CommandText = "UPDATE tbl_pengguna SET password=@password, hak_akses=@hakakses WHERE username=@username"
cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 20).Value = TextUsername.Text
cmd.Parameters.Add("@password", SqlDbType.NVarChar, 64).Value = TextPassword.Text
cmd.Parameters.Add("@hakakses", SqlDbType.NVarChar, 10).Value = ComboBoxLvU.Text
Else
cmd.CommandText = "INSERT INTO tbl_pengguna(username,password,level_user) VALUES (@Username, @password, @UserLevel)"
cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 20).Value = TextUsername.Text
cmd.Parameters.Add("@password", SqlDbType.NVarChar, 64).Value = TextPassword.Text
cmd.Parameters.Add("@UserLevel", SqlDbType.NVarChar, 10).Value = ComboBoxLvU.Text
End If
End Using
cmd.ExecuteNonQuery()
End Using
call_all()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
推荐阅读
- laravel - 如何在 laravel 中使用 cron 作业在 localpath 中存储 excel 文件?
- vba - VBA - 如何在 Internet Explorer 上通过 src 或 alt 获取元素
- java - 在反序列化期间如何在不使用无限循环的情况下编写 kafka 消费者?
- node.js - 如何从浏览器获取控制器文件中的 cookie 值或如何从一个节点文件获取可变传递到另一个节点文件
- angular - 设置 Angular 8 测试的顺序
- python-3.x - 如何将字符串的每个单词与另一个字符串进行比较。Python
- google-cloud-platform - 在谷歌云平台上为站点创建邮件域
- openmeetings - 如何在全新安装 openmeetings 4.0.4 后禁用自动重定向到 /openmeetings/install?
- scrapy - Scrapy 新手 - 信息:爬取 0 页(以 0 页/分钟),抓取 0 项(以 0 项/分钟)
- python - 需要对 Django REST 框架中的序列化程序“包含额外的上下文”进行说明