1 Imports System.Data.SqlServerCe 2 Imports System.Data 3 Imports System.IO 4 5 Public Class Form1 6 Dim CONN As New SqlCeConnection("Data Source=|DataDirectory|\Contactdb.sdf") 7 Dim CMD As SqlCeCommand 8 Dim DA As SqlCeDataAdapter 9 Dim TABLE As DataTable 10 Dim SRDR As StreamReader 11 Dim SWR As StreamWriter 12 13 Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load 14 If CONN.State = ConnectionState.Closed Then 15 CONN.Open() 16 End If 17 If Not My.Computer.FileSystem.DirectoryExists(DIRECTORY) Then My.Computer.FileSystem.CreateDirectory(DIRECTORY) 18 End If 19 If Not System.IO.File.Exists(fname) Then 20 System.IO.File.CreateText(fname) 21 End If 22 23 dgv1.Rows.Clear() 24 25 SRDR = New IO.StreamReader(fname) 26 While SRDR.Peek <> -1 27 txt1 = SRDR.ReadLine() 28 TXT = txt1.Split(vbTab) 29 STR = "INSERT INTO Contactdb(Name,[Mobile],Office) VALUES ('" & TXT(0) & "','" & TXT(1) &"','" & TXT(2) & "')" 30 CMD = New SqlCeCommand(STR) 31 CMD.Connection = CONN 32 CMD.ExecuteNonQuery() 33 End While 34 SRDR.Close() 35 End Sub 36 37 Private Sub btnsave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnsave.Click 38 STR = "INSERT INTO Contactdb(Name,[Mobile],Office)VALUES ('" & txtname.Text & "','" & txtmob.Text & "',,'" & txtoff.Text & "')" 39 CMD = New SqlCeCommand(STR, CONN) 40 CMD.ExecuteNonQuery() 41 MsgBox("Contact of " & txtname.Text & " Saved", vbExclamation, "SAVE") 42 43 Dim wr As New StreamWriter(fname) 44 Dim RC As Integer = dgv1.Rows.Count 45 Dim CC As Integer = dgv1.Columns.Count 46 For i As Integer = 0 To RC - 2 Step +1 47 For j As Integer = 0 To CC - 1 Step +1 48 wr.Write(dgv1.Rows(i).Cells(j).Value & vbTab) 49 Next 50 wr.Write(wr.NewLine) 51 Next 52 wr.Close() 53 End Sub
txtoff
Robert');DELETE FROM Contactdb;--
Using cmd As New SqlCeCommand("INSERT INTO Contactdb (Name, [Mobile], Office) VALUES (@Name, @Mobile, @Office)", CONN) cmd.Parameters.AddWithValue("@Name", TXT(0)) cmd.Parameters.AddWithValue("@Mobile", TXT(1)) cmd.Parameters.AddWithValue("@Office", TXT(2)) cmd.ExecuteNonQuery() End Using
Using cmd As New SqlCeCommand("INSERT INTO Contactdb (Name, [Mobile], Office) VALUES (@Name, @Mobile, @Office)", CONN) cmd.Parameters.AddWithValue("@Name", txtname.Text) cmd.Parameters.AddWithValue("@Mobile", txtmob.Text) cmd.Parameters.AddWithValue("@Office", txtoff.Text) cmd.ExecuteNonQuery() End Using
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)