所以...我不知道这里发生了什么。我有一个变量组保持当前CustomerID和比较的textbox.text更新只是记录......更新即使使用WHERE子句更新所有记录
Dim updateStatement As String =
"UPDATE Customers SET " &
"Name = """ & txtName.Text & """, " &
"Address = """ & txtAddress.Text & """, " &
"City = """ & txtCity.Text & """, " &
"State = """ & txtState.Text & """, " &
"ZipCode = """ & txtZipCode.Text & """" &
"WHERE """ & txtCustomerID.Text & """ = """ & customerID & """"
这里是整个方法的代码:
Private Sub UpdateCustomer()
Dim connection As OleDbConnection = MMABooksDB.GetConnection()
Dim updateStatement As String =
"UPDATE Customers SET " &
"Name = """ & txtName.Text & """, " &
"Address = """ & txtAddress.Text & """, " &
"City = """ & txtCity.Text & """, " &
"State = """ & txtState.Text & """, " &
"ZipCode = """ & txtZipCode.Text & """" &
"WHERE """ & txtCustomerID.Text & """ = """ & customerID & """"
Dim updateCommand As New OleDbCommand(updateStatement, connection)
Try
connection.Open()
updateCommand.ExecuteNonQuery()
Dim oledbCmd As New OleDbCommand("SELECT @@IDENTITY", connection)
Dim customerID As Integer = customerID
Catch ex As OleDbException : Throw ex
Finally
connection.Close()
End Try
End Sub
所以每当我打接受更新,它更新ALL记录的数据库的...
编辑:是的,我知道这是“坏的编程”不使用参数时,但是这是怎样的中结构想要完成它。
我会对教练......你为什么要教我们陋习,打开自己,SQL注入... – DRapp
你的代码容易受到SQL注入漏洞。请参阅http://technet.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx –