Richtextbox进入Vb.net中的Access

Question

I am trying to save richtextbox content to Microsoft Access in a vb 2008.

I have uploaded a rtf file to richtextbox. Now richtextbox have tables, paragraphs.

I tried richtextbox1.rtf, but when i am saving i am getting error as

"Syntax error (missing operator) in query expression ''{\\rtf1\\fbidis\\ansi\\ansicpg1252\\deff0\\deflang1033\\deflangfe1033{\\fonttbl{\\f0\\fswiss\\fprq2\\fcharset0 Calibri;}{\\f1\\fnil\\fcharset0 Calibri;}} \\viewkind4\\uc1\\pard\\ltrpar\\sa200\\sl276\\slmult1\\f0\\fs22 Estonia\\rquote s economic growth c'."

Any suggestions.

Here is my code

    Dim cmd As New OleDbCommand
    Dim sSQL As String = String.Empty

    connection.Open()
    cmd.Connection = connection
    cmd.CommandType = CommandType.Text


    sSQL = "INSERT INTO assessment (a)"
    sSQL = sSQL & " values('" & t1.rtf & "')"
    cmd.CommandText = sSQL
    cmd.ExecuteNonQuery()

    MsgBox("Data has been saved")

Answer 1

Your rtf information probably contains a single quote somewhere, which messes up your string and the database engine can't figure out what is the text anymore.

You need to use parameters:

sSQL = "INSERT INTO assessment (a) values (@a)"

cmd.Parameters.AddWithValue("@a", t1.rtf)

BTW, always use parameters to avoid SQL injection. Someone can write somethine like ';DROP TABLE assessment in your textbox, and guess what, your table would mysteriously disappear. Parameters would protect your from that.