Error when inserting on Visual Basic .Net
I'm trying to make an insert to my database and I'm receiving an error. It is my first time with VB.Net, so any help would be greatly appreciated.
Here is the code:
    Sub InsertGestion(ByVal s As Object, ByVal e As EventArgs)
        Dim Records() As String
        Records = Split(TBComment.Text, vbCrLf)
        Dim record As Integer
        For record = 0 To UBound(Records)
            oracleCommand = New OracleCommand("INSERT INTO ACTFIL (ACACCTG,ACACCT,ACACTDTE,ACSEQNUM,ACACCODE,ACRCCODE,ACCIDNAM,ACCOMM) values ('1','" + TBNum.text + "','" + TBFecha.Text + "',"+ (record+1) +",'"+TBCodAc.text+"','"+TBCodRes.text+"','"+TBGestor.Text+"','"+record+"')", oracleConexion)
            Try
                oracleConexion.Open()
                oracleCommand.ExecuteNonQuery()
            Catch ex As Exception
                status.Text = "ERROR al insertar la gestión " + ex.Message + "'" '& ex.Message
            Finally
                oracleConexion.Close()
                Response.Redirect("gestiones.aspx?credito=" + Request.QueryString("credito") + "")
            End Try
        Next
    End Sub
And the Error:
[FormatException: Input string was not in a correct format.]
Microsoft.VisualBasic.CompilerServices.Conversions.ParseDouble(String Value, NumberFormatInfo NumberFormat) +717374
Microsoft.VisualBasic.CompilerServices.Conversions.ToDouble(String Value, NumberFormatInfo NumberFormat) +114
[InvalidCastException: Conversion from string "INSERT INTO ACTFIL (ACACCTG,ACAC" to type 'Double' is not valid.]
Microsoft.VisualBasic.CompilerServices.Conversions.ToDouble(String Value, NumberFormatInfo NumberFormat) +717687
ASP.marcador_gestiones_aspx.InsertGestion(Object s, EventArgs e) in G:\vta-paqV2\marcador\gestiones.aspx:62
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981
This was originally an update and it was working; I just modified the OracleCommand.
Btw, I notice this is not a secure way to execute the queries; if someone can point me in the right direction, I'd really appreciate it.
Comments (1)
Extract the Oracle command from the query and run it on the Oracle client. That will let you know if there is anything wrong with your Oracle command.
Secondly, you can use string.format to form your query rather than using the + operator.
The secure approach to deal with query inputs is through input parameters. You can check the links below.
http://msdn.microsoft.com/en-us/library/system.data.oracleclient.oracleparameter.aspx
http://blogs.msdn.com/b/alextch/archive/2007/08/21/using-data-parameters-with-oracle-data-provider-for-net.aspx
I hope this helps.
Thanks!
Dhananjay
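The input-parameter approach the answer points to, as an added example that is not part of the original post or answer: it is written against System.Data.OracleClient, and the module name, function signature, column types (ACACTDTE as DATE, ACSEQNUM as NUMBER) and the choice to store each comment line in ACCOMM are assumptions. Binding the values also removes the `String + Integer` expression that VB evaluates as numeric addition, which is what raises the InvalidCastException shown in the question.

```vbnet
Imports System
Imports System.Data.OracleClient
Imports Microsoft.VisualBasic

Public Module GestionData
    ' Inserts one ACTFIL row per comment line inside a single transaction and
    ' returns the number of rows written. Every user-supplied value is a bind
    ' variable (:name), so it is never parsed as SQL text.
    Public Function InsertGestion(ByVal connectionString As String, _
                                  ByVal account As String, _
                                  ByVal activityDate As DateTime, _
                                  ByVal actionCode As String, _
                                  ByVal resultCode As String, _
                                  ByVal agent As String, _
                                  ByVal commentText As String) As Integer
        Const sql As String = _
            "INSERT INTO ACTFIL (ACACCTG,ACACCT,ACACTDTE,ACSEQNUM," & _
            "ACACCODE,ACRCCODE,ACCIDNAM,ACCOMM) VALUES " & _
            "('1', :acct, :actdte, :seqnum, :accode, :rccode, :cidnam, :comm)"

        Dim lines() As String = Split(commentText, vbCrLf)
        Dim inserted As Integer = 0

        Using conn As New OracleConnection(connectionString)
            conn.Open()
            Using tx As OracleTransaction = conn.BeginTransaction()
                Using cmd As New OracleCommand(sql, conn, tx)
                    ' Assumed column types: ACACTDTE is a DATE, ACSEQNUM a NUMBER.
                    cmd.Parameters.Add("acct", OracleType.VarChar).Value = account
                    cmd.Parameters.Add("actdte", OracleType.DateTime).Value = activityDate
                    cmd.Parameters.Add("accode", OracleType.VarChar).Value = actionCode
                    cmd.Parameters.Add("rccode", OracleType.VarChar).Value = resultCode
                    cmd.Parameters.Add("cidnam", OracleType.VarChar).Value = agent
                    Dim seq As OracleParameter = cmd.Parameters.Add("seqnum", OracleType.Int32)
                    Dim comm As OracleParameter = cmd.Parameters.Add("comm", OracleType.VarChar)

                    For i As Integer = 0 To lines.Length - 1
                        seq.Value = i + 1   ' stays an Integer, no string arithmetic
                        ' Oracle stores '' as NULL, so bind blank lines as NULL explicitly.
                        comm.Value = IIf(lines(i).Length = 0, DBNull.Value, lines(i))
                        inserted += cmd.ExecuteNonQuery()
                    Next
                End Using
                tx.Commit()   ' disposing tx without Commit rolls everything back
            End Using
        End Using
        Return inserted
    End Function
End Module
```

With ODP.NET (the provider covered by the second link) parameters bind by position unless `BindByName` is set to `True` on the command, so either set it or add the parameters in the order they appear in the statement.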