堆栈内存溢出
  简体   繁体   English

尝试将新记录插入Access数据库时出现SQL语法错误

[英]SQL syntax error when trying to insert new record into Access database

 原文  2013-05-02 18:49:00       sql/ database/ vb.net/ ms-access

问题描述

I have a simple asp.net form for an individual to fill out, and the code I used on this particular page works in several other locations, but this page is giving me an issue. 我有一个简单的asp.net表单供个人填写,我在此特定页面上使用的代码可在其他几个位置使用,但是此页面给我一个问题。

It's saying there is a syntax error in the INSERT statement. 就是说INSERT语句中存在语法错误。 Can you see anything wrong with it? 您能看到有什么问题吗?

The click event code: 点击事件代码: 

cmdInsert.CommandText = "INSERT INTO Position (Com_ID, Stu_ID, Pos_StartDate, Pos_Type, Pos_Description, Pos_Title) VALUES (' " & ddlCompany.SelectedValue & " ', ' " & ddlStudent.SelectedValue & " ', #" & CalStartDate.SelectedDate.Date & "#, ' " & ddlPositionType.SelectedValue & " ', ' " & txtDescription.Text & " ', ' " & txtPositionTitle.Text & " ');"

'MsgBox(cmdInsert.CommandText)
cmdInsert.CommandType = CommandType.Text
cmdInsert.Connection = cnnOLEDB
cmdInsert.ExecuteNonQuery()

txtPositionTitle.Text = ""
txtDescription.Text = "Record inserted."
CalStartDate.SelectedDates.Clear()
cmdInsert.Dispose()

The data captured from the form lines up with the data type in the database. 从表单捕获的数据与数据库中的数据类型对齐。 Any ideas? 有任何想法吗?

Here's the stack trace: 这是堆栈跟踪: 

[OleDbException (0x80040e14): Syntax error in INSERT INTO statement.]
   System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr) +1081356
   System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) +247
   System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) +194
   System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) +58
   System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) +167
   System.Data.OleDb.OleDbCommand.ExecuteNonQuery() +113
   Tiger_Recruiting.WebForm3.btnSaveStudentRecord_Click(Object sender, EventArgs e) in C:\Users\Garrett\Downloads\Tiger Recruiting(3)\Tiger Recruiting(3)\Tiger Recruiting(3)\Tiger Recruiting\Tiger Recruiting\position.aspx.vb:28
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +141
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +149
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +39
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +37
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +87
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4225

1 个解决方案

解决方案1
 2 已采纳  2013-05-02 19:44:27

The word POSITION is a reserved keyword in MS-Access-Jet. 单词POSITION是MS-Access-Jet中的保留关键字。
You use it for a table name thus you need to encapsulate it with square brackets 您将其用作表名,因此需要用方括号将其封装 

cmdInsert.CommandText = "INSERT INTO [Position] .......

A part from this, your code is very bad. 一部分,您的代码非常糟糕。 Do not use string cancatenation to build sql commands. 不要使用字符串cancatenation来构建sql命令。
This practice leads to syntax error when in your input there is a single quote or do you have other fields that require a particular formatting of the input value. 当您的输入中有一个单引号或您有其他字段需要输入值的特定格式时,这种做法会导致语法错误。 But the worst of all is the problem of Sql Injection Look here for a funny explanation 但是最糟糕的是Sql Injection的问题。 在这里寻找有趣的解释

So your code should be written in this way: 因此,您的代码应采用以下方式编写: 

cmdInsert.CommandText = "INSERT INTO [Position] (Com_ID, Stu_ID, Pos_StartDate, Pos_Type, " + 
                        "Pos_Description, Pos_Title) VALUES " + 
                        "(?,?,?,?,?,?)"
cmdInsert.Parameters.AddWithValue("@p1",ddlCompany.SelectedValue)
cmdInsert.Parameters.AddWithValue("@p2",ddlStudent.SelectedValue)
cmdInsert.Parameters.AddWithValue("@p3",CalStartDate.SelectedDate.Date)
cmdInsert.Parameters.AddWithValue("@p4",ddlPositionType.SelectedValue)
cmdInsert.Parameters.AddWithValue("@p5",txtDescription.Text)
cmdInsert.Parameters.AddWithValue("@p6",txtPositionTitle.Text)
cmdInsert.Connection = cnnOLEDB
cmdInsert.ExecuteNonQuery()

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 VB:尝试使用SQL插入数据库时​​出现语法错误 - VB: Syntax error when trying to insert to database with SQL 尝试插入MS Access数据库时出错 - Error when trying to insert into MS Access Database 尝试插入SQL Azure数据库表记录时出错 - Error While Trying To Insert A SQL Azure Database Table Record 尝试向数据库插入行时,SQL语法无效 - Invalid SQL syntax when trying to insert a row to the database 将数据记录保存到数据库中时,SQL语法错误 - An error in SQL syntax when saving data record into the database 尝试插入数据表的数组值时出现SQL语法错误 - SQL Syntax error when trying to insert array values of a Datatable SQL语法错误尝试将行插入表时出现异常 - SQL Syntax Error Exception when trying to insert row into table 尝试在SQL中插入多行时出现语法错误? - Syntax error when trying to insert multiple rows in SQL? 尝试将Play应用程序连接到mysql数据库时出现SQL语法错误 - SQL syntax error when trying to connect Play application to mysql database 尝试使用Java写入数据库时​​SQL语法错误 - Error in SQL syntax when trying to write to the database with Java
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM