Problem description
Is this a parameterized query? Below is the code:
Try
    con.Open()
    ss = "UPDATE emp_master set empid=@empid,empname=@empname,pfno=@pfno,dob=@dob,gender=@gender,contact=@contact,email=@email,doj=@doj," & _
         "address=@address,edu=@edu,nationality=@nationality,bloodgroup=@bloodgroup,desig=@desig,exp=@exp,salary=@salary,dept=@dept,pic=@pic,usertype=@usertype WHERE empid=" & txtempid.Text & ""
    com = New SqlCommand(ss, con)
    com.Parameters.AddWithValue("@empid", txtempid.Text)
    com.Parameters.AddWithValue("@empname", txtename.Text)
    com.Parameters.AddWithValue("@pfno", txtpfno.Text)
    com.Parameters.AddWithValue("@dob", dtpdob.Value.Date)
    com.Parameters.AddWithValue("@gender", g)
    com.Parameters.AddWithValue("@contact", txtcontact.Text)
    com.Parameters.AddWithValue("@email", txtemail.Text)
    com.Parameters.AddWithValue("@doj", dtpdoj.Value.Date)
    com.Parameters.AddWithValue("@address", txtaddress.Text)
    com.Parameters.AddWithValue("@edu", txtedu.Text)
    com.Parameters.AddWithValue("@nationality", txtNation.Text)
    com.Parameters.AddWithValue("@bloodgroup", cmb_Bloodgrp.Text)
    com.Parameters.AddWithValue("@desig", txtdesig.Text)
    com.Parameters.AddWithValue("@exp", txtexp.Text)
    com.Parameters.AddWithValue("@salary", txtsalary.Text)
    com.Parameters.AddWithValue("@dept", txtdept.Text)
    com.Parameters.AddWithValue("@pic", arrImg)
    com.Parameters.AddWithValue("@usertype", Cmb_utype.Text)
    com.ExecuteNonQuery()
    MsgBox("Data Updated Successfully !", MsgBoxStyle.Information, MsgBoxStyle.OkCancel)
Catch ex As Exception
    MsgBox(ex.Message())
Finally
    con.Close()
End Try
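
An added example, not part of the original post: in the code above the SET values are bound as parameters, but the WHERE clause is built by concatenating txtempid.Text into the SQL string, so the statement is only partly parameterized. The sketch below binds every value, including the key, with explicit types; the module and function names, the column types and sizes, and the connection string are assumptions, and only three columns are shown.

```vb
Imports System.Data
Imports System.Data.SqlClient

Module EmpUpdateExample
    ' Assumed column types (not stated on the page): empid INT,
    ' empname NVARCHAR(100), salary DECIMAL(12,2).
    Function BuildUpdate(con As SqlConnection, empIdText As String,
                         empName As String, salaryText As String) As SqlCommand
        ' Validate numeric fields before they reach the database.
        Dim empId As Integer
        If Not Integer.TryParse(empIdText, empId) Then
            Throw New ArgumentException("empid must be a whole number")
        End If
        Dim salary As Decimal
        If Not Decimal.TryParse(salaryText, salary) Then
            Throw New ArgumentException("salary must be numeric")
        End If

        ' The SQL text is a constant: no user input is concatenated,
        ' and the WHERE clause uses a placeholder like the SET list does.
        Const sql As String =
            "UPDATE emp_master SET empname=@empname, salary=@salary " &
            "WHERE empid=@empid"

        Dim cmd As New SqlCommand(sql, con)
        cmd.Parameters.Add("@empname", SqlDbType.NVarChar, 100).Value = empName
        Dim p As SqlParameter = cmd.Parameters.Add("@salary", SqlDbType.Decimal)
        p.Precision = 12 : p.Scale = 2 : p.Value = salary
        cmd.Parameters.Add("@empid", SqlDbType.Int).Value = empId
        Return cmd
    End Function

    Sub Main()
        ' Constructed inputs; the connection is never opened, so no server is needed.
        Using con As New SqlConnection("Server=(local);Database=PLACEHOLDER;Integrated Security=true")
            Dim cmd As SqlCommand = BuildUpdate(con, "42", "O'Brien", "51000.50")
            Console.WriteLine(cmd.CommandText)
            For Each prm As SqlParameter In cmd.Parameters
                Console.WriteLine($"{prm.ParameterName} ({prm.SqlDbType}) = {prm.Value}")
            Next
            Try
                BuildUpdate(con, "12abc", "x", "1")   ' non-numeric key text
            Catch ex As ArgumentException
                Console.WriteLine("rejected: " & ex.Message)
            End Try
        End Using
    End Sub
End Module
```

The command text printed by Main is identical for any input, which is the property to check for when reviewing a query: user-supplied values appear only in the Parameters collection.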
Recommended answer