首先,您必须使用 SqlCommand 和 Parameters(参数化查询)来避免 SQL 注入,因为您使用的是 SqlClient 命名空间。可以尝试将下面的代码作为您的 Insert 过程。
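''' <summary>
''' Inserts one row into theTable with a parameterized INSERT statement.
''' </summary>
''' <param name="param1">Value bound to @Param1.</param>
''' <param name="param2">Value bound to @Param2.</param>
''' <param name="param3">Value bound to @Param3.</param>
''' <remarks>
''' A SqlException is reported to the user in a message box and is not rethrown,
''' so the caller is not told that the insert failed. Any other exception type
''' propagates to the caller.
''' </remarks>
Private Sub InsertSQL(ByVal param1 As String, ByVal param2 As String, ByVal param3 As String)
    ' "ConnectionStringHere" is a placeholder; load the real connection string from
    ' protected configuration instead of embedding credentials in source.
    Using sqlConn As New SqlConnection("ConnectionStringHere")
        Using sqlComm As New SqlCommand()
            sqlComm.Connection = sqlConn
            sqlComm.CommandType = CommandType.Text

            ' The values are sent as parameters and never concatenated into the SQL text,
            ' which is what keeps caller-supplied strings from being parsed as SQL.
            ' NOTE(review): the statement has no column list, so it depends on the table's
            ' column order; naming the columns explicitly would be more robust.
            sqlComm.CommandText = "INSERT INTO theTable VALUES (@Param1,@Param2,@Param3,@Param4,@Param5)"

            ' Read the clock once so @Param4 and @Param5 receive the same instant.
            Dim timestamp As Date = Now

            ' NOTE(review): AddWithValue infers the SQL type from the .NET value. When the
            ' column types are known, Parameters.Add with an explicit SqlDbType and size
            ' avoids implicit conversions.
            With sqlComm.Parameters
                .AddWithValue("@Param1", param1)
                .AddWithValue("@Param2", param2)
                .AddWithValue("@Param3", param3)
                .AddWithValue("@Param4", timestamp)
                .AddWithValue("@Param5", timestamp)
            End With

            Try
                sqlConn.Open()
                sqlComm.ExecuteNonQuery()
            Catch ex As SqlException
                ' ex.Number is the SQL Server error number. ErrorCode is only the HRESULT
                ' of the exception, so it does not identify the failure.
                ' NOTE(review): the raw server message can expose table or column names;
                ' consider logging it and showing the user a generic message.
                MsgBox(ex.Message, MsgBoxStyle.Exclamation, "Error No. " & ex.Number.ToString)
            End Try
            ' No explicit Close: the enclosing Using disposes (and closes) the connection.
        End Using
    End Using
End Sub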
其次,您为什么不使用 DataTable 来绑定 DataGridView 呢?下面是另一种解决方案:使用 SqlDataReader,此时必须循环读取它,才能将记录逐条放入网格中。
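''' <summary>
''' Clears DataGridView1 and refills it with the first three columns of every row
''' returned by the query.
''' </summary>
''' <param name="connectionString">Connection string used to open the SqlConnection.</param>
''' <remarks>
''' Exceptions raised while opening the connection or reading are not caught here and
''' propagate to the caller.
''' </remarks>
Private Sub ReloadGrid(ByVal connectionString As String)
    ' Placeholder query text. If the real query filters on user-supplied values, bind
    ' them through command.Parameters rather than concatenating them into this string.
    Dim queryString As String = "Your Query Here"

    Using connection As New SqlConnection(connectionString)
        ' The command and reader are wrapped in Using so they are disposed even when
        ' Read() or Rows.Add throws part-way through the result set.
        Using command As New SqlCommand(queryString, connection)
            connection.Open()

            Using reader As SqlDataReader = command.ExecuteReader()
                ' Drop the rows currently shown before loading the fresh result set.
                DataGridView1.Rows.Clear()

                While reader.Read()
                    ' Each grid row is built from the first three columns, as strings.
                    Dim row As String() = New String() {reader(0).ToString(), reader(1).ToString(), reader(2).ToString()}
                    DataGridView1.Rows.Add(row)
                End While
            End Using
        End Using
    End Using
End Sub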