堆栈内存溢出
  简体   繁体   English

INSERT INTO语句中的语法错误

[英]Syntax error in INSERT INTO statement

 原文  2013-04-26 15:23:23       c#/ database/ ms-access/ insert/ syntax-error

问题描述

I am writing the following code in my C-Sharp Form Application and its giving me the following error. 我正在C-Sharp表单应用程序中编写以下代码,它给了我以下错误。 

> Syntax error in INSERT INTO statement.


OleDbCommand cmd =
    new OleDbCommand(
            "Insert into Info (username, password) Values ('"
          + username
          + "', '" 
          + password 
          + "')"
        , conn
    );

3 个解决方案

解决方案1
 3 已采纳  2013-04-26 15:25:47

The word PASSWORD is a reserved keyword. 密码一词是保留的关键字。 To use it you should enclose the string in square brackets 要使用它,您应该将字符串用方括号括起来 

OleDbCommand cmd = new OleDbCommand("Insert into Info (username, [password]) Values ('" + username + "', '" + password + "')", conn);

And please, please, do not use string concatenation to build sql statements. 而且,请不要使用字符串连接来构建sql语句。 It is a very bad practice that leads to other syntax errors (username or password with single quotes) or worst to a sql injection Attacks. 这是一种非常糟糕的做法,它会导致其他语法错误(用户名或密码带有单引号),或者导致更严重的sql注入攻击。 Take a look here to what could happen if you have a smart and malicious user 看看这里 ,如果您有一个聪明而恶意的用户,将会发生什么 

OleDbCommand cmd = new OleDbCommand("Insert into Info (username, [password]) Values (?,?)", conn);
cmd.Parameters.AddWithValue("@p1", username);
cmd.Parameters.AddWithValue("@p2", password);
cmd.ExecuteNonQuery();

解决方案2
 2  2013-04-26 15:25:20

You need to bracket off password . 您需要将password括起来。 It's a reserved word . 这是一个保留字 

OleDbCommand cmd = 
    new OleDbCommand("Insert into Info (username, [password]) Values ('" + username + "', '" + password + "')", conn);

解决方案3
 1  2013-04-26 15:24:45

Maybe there's an illegal character (such as a single quote) within the username or password variables. 用户名或密码变量中可能存在非法字符(例如单引号)。 Make sure they're sanitized. 确保它们已消毒。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 INSERT INTO语句中的语法错误 - Syntax error in INSERT INTO statement INSERT INTO语句中的语法错误 - Syntax error in INSERT INTO statement INSERT INTO语句中的语法错误 - syntax error in the INSERT INTO statement INSERT INTO 语句错误中的语法错误 - Syntax error in INSERT INTO statement Error INSERT INTO语句OleDBCOmmand中的语法错误 - Syntax error in INSERT INTO statement OleDBCOmmand “INSERT INTO语句中的语法错误”。 为什么? - “Syntax error in INSERT INTO statement”. Why? 在INSERT INTO语句中获取语法错误 - Getting syntax error in INSERT INTO statement INSERT INTO语句中的OleDbCommand语法错误 - OleDbCommand Syntax error in INSERT INTO statement OleDbException:INSERT INTO语句中的语法错误 - OleDbException: Syntax error in INSERT INTO statement INSERT INTO语句在Access中插入时的语法错误 - Syntax error in INSERT INTO statement Insert in Access
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM