Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
351 views
in Technique[技术] by (71.8m points)

Can't insert data in database (Access) VB.NET

I'm working on a project. Our system is Hotel Reservation. In VB it says that it was added to my database, but when I check my database there is nothing there. What is the problem, btw? Here's the code:

Public Class RegistrationForm

Private Sub btnNext_Click(sender As Object, e As EventArgs) Handles btnNext.Click

    qry = "INSERT INTO tblGuest(GuestName, Gender, Address)VALUES('" &
    txtName.Text & "','" &
    txtGender.Text & "','" &
    txtAddress.Text & "');"

    cmd = New OleDb.OleDbCommand(qry, con)
    dr = cmd.ExecuteReader()

    MsgBox("Succesfully added in database")

    RoomInfoForm.Show()
End Sub
Private Sub RegistrationForm_Load(sender As Object, e As EventArgs) Handles MyBase.Load
    koneksyon()
End Sub

End Class



1 Reply

0 votes
by (71.8m points)

Just because your MsgBox fires doesn't mean the query did what you expect. This is more like what you want to do:

Private Sub btnNext_Click(sender As Object, e As EventArgs) Handles btnNext.Click

    'parameterize the query to avoid SQL injection attacks which is the #1 code vulnerability on OWASP Top 10
    Dim qry As String = "INSERT INTO tblGuest(GuestName, Gender, Address)VALUES(?, ?, ?);"

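    'Put disposable resources within Using blocks
    'connectionString is a placeholder: pass the same connection string your koneksyon() routine uses
    Using con As New OleDb.OleDbConnection(connectionString)
        Using cmd As New OleDb.OleDbCommand(qry, con)

            'the connection must be open before the command can execute
            con.Open()
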
            'Create the parameters.
            Dim paramName As New OleDb.OleDbParameter("@p1", OleDb.OleDbType.VarChar)
            paramName.Value = txtName.Text 'you should null check and validate all these textbox values

            Dim paramGender As New OleDb.OleDbParameter("@p2", OleDb.OleDbType.VarChar)
            paramGender.Value = txtGender.Text

            Dim paramAddress As New OleDb.OleDbParameter("@p3", OleDb.OleDbType.VarChar)
            paramAddress.Value = txtAddress.Text

            'Assign the parameters to the command
            cmd.Parameters.Add(paramName)
            cmd.Parameters.Add(paramGender)
            cmd.Parameters.Add(paramAddress)

            'you are not returning a result set from the command, so ExecuteNonQuery
            cmd.ExecuteNonQuery()

        End Using
    End Using

    MsgBox("Succesfully added in database")

    RoomInfoForm.Show()
End Sub
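
The answer's two side remarks (validate the textbox values, and do not treat the MsgBox as proof of a write) can be folded into one helper. This is an added example, not the answerer's code: the module name `GuestDb`, the functions `TryInsertGuest` and `CheckField`, and the length limits are assumptions, and the caller supplies the connection string.

```vbnet
Imports System.Data.OleDb

Module GuestDb ' hypothetical helper module, not part of the original project

    ' Assumed column sizes; adjust to the real tblGuest definition.
    Private Const MaxName As Integer = 100
    Private Const MaxGender As Integer = 10
    Private Const MaxAddress As Integer = 255

    ' Returns Nothing when the value is usable, otherwise a message for the user.
    Private Function CheckField(label As String, value As String, maxLen As Integer) As String
        If String.IsNullOrWhiteSpace(value) Then Return label & " is required."
        If value.Trim().Length > maxLen Then Return label & " is longer than " & maxLen & " characters."
        Return Nothing
    End Function

    ' Returns True only when the provider reports exactly one row written.
    Public Function TryInsertGuest(connectionString As String, name As String, gender As String,
                                   address As String, ByRef message As String) As Boolean
        ' If(a, b) yields the first non-Nothing value, so the first failing field wins.
        message = If(CheckField("Name", name, MaxName),
                  If(CheckField("Gender", gender, MaxGender),
                     CheckField("Address", address, MaxAddress)))
        If message IsNot Nothing Then Return False

        Const qry As String = "INSERT INTO tblGuest(GuestName, Gender, Address) VALUES(?, ?, ?);"
        Try
            Using con As New OleDbConnection(connectionString)
                Using cmd As New OleDbCommand(qry, con)
                    ' OleDb binds by position, so add parameters in the order of the ? markers.
                    cmd.Parameters.Add("@p1", OleDbType.VarChar, MaxName).Value = name.Trim()
                    cmd.Parameters.Add("@p2", OleDbType.VarChar, MaxGender).Value = gender.Trim()
                    cmd.Parameters.Add("@p3", OleDbType.VarChar, MaxAddress).Value = address.Trim()
                    con.Open()
                    Dim rows As Integer = cmd.ExecuteNonQuery()
                    If rows <> 1 Then
                        message = "Insert reported " & rows & " rows; nothing was confirmed."
                        Return False
                    End If
                End Using
            End Using
        Catch ex As OleDbException
            message = "Database error: " & ex.Message
            Return False
        End Try
        message = "Successfully added in database"
        Return True
    End Function
End Module
```

In `btnNext_Click`, show `message` in the MsgBox and call `RoomInfoForm.Show()` only when the function returns True.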
