Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/sql/74.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
';添加客户&x27;不是';sql';。visual basic_Sql_Sql Server_Vb.net - Fatal编程技术网
Fatal编程技术网
  • sql/
  • ';添加客户&x27;不是';sql';。visual basic

';添加客户&x27;不是';sql';。visual basic

sql sql-server vb.net

';添加客户&x27;不是';sql';。visual basic,sql,sql-server,vb.net,Sql,Sql Server,Vb.net,我正在尝试使用visual basic表单将3个文本框值插入到我的数据库中,我以前在另一个表单上这样做过,它工作正常,因此我复制了代码并更改了名称以适应,但我得到了一个错误:“Addcustomer”不是“sql”的成员 任何帮助都将不胜感激 这是我在表单上使用的代码,错误在这里用蓝色下划线标出: Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click Try S

我正在尝试使用visual basic表单将3个文本框值插入到我的数据库中,我以前在另一个表单上这样做过,它工作正常,因此我复制了代码并更改了名称以适应,但我得到了一个错误:“Addcustomer”不是“sql”的成员

任何帮助都将不胜感激

这是我在表单上使用的代码,错误在这里用蓝色下划线标出:

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click

    Try
        Sql.Addcustomer(addcustomerfname.Text, addcustomersname.Text, addcustomeremail.Text)
        MsgBox("Customer Added")

        addeditmembership.Show()
        Me.Hide()




    Catch ex As Exception
        MsgBox(ex.Message)
    End Try



End Sub
好的,我对VB很陌生,我只是做一个大学作业,所以我只是按照讲师的指示做。 这是我的控制文件的完整代码(包括工作插入和错误插入),我知道这可能是一些愚蠢的错误,但它把我难住了

Public Class SQLControl
    Public SQLCon As New SqlConnection With {.ConnectionString = "Data Source=WADE\SQL2012;Initial Catalog=master;Integrated Security=True;"}
    Public SQLCmd As SqlCommand
    Public SQLDA As SqlDataAdapter
    Public SQLDS As DataSet

Public Function HasConnection() As Boolean
    Try
        SQLCon.Open()
        SQLCon.Close()
        Return True

    Catch ex As Exception
        MsgBox(ex.Message)

    End Try
    Return False


End Function

Public Sub RunQuery(Query As String)
    Try
        SQLCon.Open()

        ' CREATE COMMAND
        SQLCmd = New SqlCommand(Query, SQLCon)

        'Fill Dataset
        SQLDA = New SqlDataAdapter(SQLCmd)
        SQLDS = New DataSet
        SQLDA.Fill(SQLDS)


        SQLCon.Close()
    Catch ex As Exception
        MsgBox(ex.Message )

        'Close connection
        If SQLCon.State = ConnectionState.Open Then

            SQLCon.Close()

        End If
    End Try
End Sub

Public Sub Addmember(member_fname As String, member_sname As String, member_gender As String, member_dob As String,
                      member_address As String, member_postcode As String, member_email As String, member_contact_number As String,
                      member_registration As String, member_discount_rate As Integer)
    Try
        Dim strinsert As String = "INSERT INTO members (member_fname,member_sname,member_gender,member_dob,member_address,member_postcode,member_email,member_contact_number,member_registration,member_discount_rate " & _
                                   ")VALUES(" & _
                                   "'" & member_fname & "'," & _
                                   "'" & member_sname & "'," & _
                                   "'" & member_gender & "'," & _
                                   "'" & member_dob & "'," & _
                                   "'" & member_address & "'," & _
                                   "'" & member_postcode & "'," & _
                                   "'" & member_email & "'," & _
                                   "'" & member_contact_number & "'," & _
                                   "'" & member_registration & "'," & _
                                   "'" & member_discount_rate & "')"





        SQLCon.Open()

        SQLCmd = New SqlCommand(strinsert, SQLCon)

        SQLCmd.ExecuteNonQuery()

        SQLCon.Close()

    Catch ex As Exception

        MsgBox(ex.Message)

    End Try

End Sub

Public Sub Addcustomer(addcustomerfname As String, addcustomersname As String, addcustomeremail As String)
    Try
        Dim customerinsert As String = "INSERT INTO customers (customer_fname,customer_sname,customer_email " & _
                                   ")VALUES(" & _
                                   "'" & addcustomerfname & "'," & _
                                   "'" & addcustomersname & "'," & _
                                   "'" & addcustomeremail & "')"





        SQLCon.Open()

        SQLCmd = New SqlCommand(customerinsert, SQLCon)

        SQLCmd.ExecuteNonQuery()

        SQLCon.Close()

    Catch ex As Exception

        MsgBox(ex.Message)

    End Try
End Sub



End Class
您的代码包含几个问题,最糟糕的是易受攻击,但解决这一问题则是另一回事。(一件简单的事情是参数化查询。有关如何执行此操作的示例,请参阅。)

关于眼前的问题:
Addcustomer
在类
SQLControl
中声明。您正在调用
Sql.Addcustomer
,这意味着包含
Button1\u Click
的表单类应该有一个名为
Sql
的字段或属性,其类型为
SQLControl
。如果不是这样,则必须将字段/属性
Sql声明并初始化为SQLControl

变量Sql在哪里声明?你能给我看一下正在运行的代码吗?顺便说一句,您的sql命令注定要失败。只要试着传递一个包含单引号的字符串(比如name=O'Hara),sql注入就是一场即将发生的灾难。我已经编辑了这个问题,希望能有所帮助。我上个星期刚开始学VB,所以我对它没什么用。这是一个uni作业,讲师说不用担心SQL注入,因为我们只是为了一个简单的演示而展示它。谢谢你的回复,教授说不用担心SQL注入——这对他来说很容易,他不是那个在现实世界中需要担心SQL注入的人。我会要求他退款,他不是什么“老师”。我再问一次:你在哪里声明变量Sql?它是什么类型的?考虑到错误信息,编译器认为Sql是一种不同类型的变量(不是SqlControl),公平地说,他确实说过这是一个大问题,但由于我们只演示一次,他不必太担心。但我会调查一下的。谢谢你,你是对的,我没有在表单中声明sql。新的,那将是愚蠢的事情。我将研究SQL注入攻击,因为我知道它们是一个严重的问题。再次感谢你。