VB.NET: Access error on INSERT INTO


I am trying to insert text box text into a database using Visual Studio. Here is my code:

Dim usernme, passwrd As String
usernme = REG_USER_USERNAME.Text
passwrd = REG_USER_PASSWORD.Text
Dim constring As String = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\Login.accdb"

myConnection.Open()

Dim sqlQry As String = "INSERT INTO Admins (USERNAME, PASSWORD) VALUES('" & usernme & "','" & passwrd & "')"
MsgBox(sqlQry)
Dim cmd As OleDbCommand = New OleDbCommand(sqlQry, myConnection)

cmd.ExecuteNonQuery()

myConnection.Close()
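
But I get an exception error, including:

Additional information: Syntax error in INSERT INTO statement

What is wrong with my code? I also have quotes around my values.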

The direct answer is that PASSWORD is a reserved word in Access. So:

Dim sqlQry As String = "INSERT INTO Admins (USERNAME, [PASSWORD]) VALUES('" & usernme & "','" & passwrd & "')"

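That said, be sure to follow the advice posted by @puropoix, since you are doing direct concatenation with unsanitized user input.

You can try it like this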

Imports System.Data.OleDb
Public Class Form1
    Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
        ' Requires: Imports System.Data.OleDb
        ' ensures the connection is closed and disposed
        Using connection As New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;" & _
            "Data Source=""C:\your_path_here\InsertInto.mdb"";" & _
            "Persist Security Info=False")
            ' open connection
            connection.Open()
            ' Create command
            Dim insertCommand As New OleDbCommand( _
                "INSERT INTO Table1([inputOne] , [inputTwo] , [inputThree]) " & _
                "VALUES (@inputOne, @inputTwo, @inputThree);", _
                connection)
            ' Add the parameters with value
            insertCommand.Parameters.AddWithValue("@inputOne", TextBox1.Text)
            insertCommand.Parameters.AddWithValue("@inputTwo", TextBox2.Text)
            insertCommand.Parameters.AddWithValue("@inputThree", TextBox3.Text)
            ' you should always use parameterized queries to avoid SQL Injection
            ' execute the command
            insertCommand.ExecuteNonQuery()
            MessageBox.Show("Insert is done!!")
        End Using
    End Sub
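End Class

A) Never concatenate strings to build SQL; use parameters. B) PASSWORD is a reserved word in Access, so escape it as [PASSWORD], or don't use reserved words as column names. C) Never store passwords as plain text; hash them. D and E) Please read and take action, and you should also learn to dispose of objects.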