堆栈内存溢出
  简体   繁体   English

SQL插入错误VB.NET

[英]SQL insert into error VB.NET

 原文  2012-10-19 11:17:45       mysql/ sql/ vb.net

问题描述

running a vb application with the following code. 使用以下代码运行vb应用程序。 I keep getting an error on my 'INSERT INTO' sql query, can anyone see what im doing wrong? 我在“ INSERT INTO” SQL查询中不断收到错误,有人可以看到我在做什么错吗? This is the error - Syntax error in INSERT INTO statement. 这是错误-INSERT INTO语句中的语法错误。 

 connetionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source = C:\Users\Dave\Documents\joblist.mdb;"

            connection = New OleDb.OleDbConnection(connetionString)


            Sql = "INSERT INTO jobList (StaffID, staffName, staffLastName, note, fault, section, techID, jobcomplete) VALUES ('" & staffid & "','" & staffFN & "','" & staffLN & "','" & staffNotes & "','" & staffFault & "', '" & staffSection & "', '" & techId & "','" & ava & "')"
            connection.Open()
            oledbAdapter.UpdateCommand = connection.CreateCommand
            oledbAdapter.UpdateCommand.CommandText = Sql
            oledbAdapter.UpdateCommand.ExecuteNonQuery()
            connection.Close()
            Me.JobListTableAdapter.Fill(Me.JoblistDataSet2.jobList)

2 个解决方案

解决方案1
 0  2012-10-19 11:30:09

I assume you should use the InsertCommand instead of the UpdateCommand property since you are inserting. 我假设您正在插入,因此应该使用InsertCommand而不是UpdateCommand属性。 

oledbAdapter.InsertCommand.CommandText = "INSERT INTO jobList (StaffID, staffName, ....

Note that you're open for SQL-Injection and should use Parameters instead. 请注意,您可以使用SQL-Injection,而应改用Parameters You should also use Using statement to ensure that the connection gets closed even on error. 您还应该使用Using语句来确保即使出错也可以关闭连接。

解决方案2
 0 已采纳  2012-10-19 11:34:39

Note and Section are reserved words in Jet SQL You need to encapsulate them with square brackets NoteSectionJet SQL中的保留字,您需要使用方括号将它们封装起来 

Sql = "INSERT INTO jobList (StaffID, staffName, staffLastName, [note], fault, " +
      "[section], techID, jobcomplete) VALUES (......)"

This is the source of you syntax error, but ..... 这是您语法错误的来源,但是.....
aside from that, you have many problems here: 除此之外,这里还有很多问题:

  • As pointed out by Tim Schmeiter, you use the update command instead of insert command. 正如Tim Schmeiter指出的那样,您使用update命令而不是insert命令。
  • you concatenate input text from your user to form an sql string. 您将用户的输入文本连接起来以形成sql字符串。 This leads to sql injection attacks and problems in correct parsing of text (apostrophes, invalid dates, invalid numbers, etc) 这会导致sql注入攻击和正确解析文本的问题(撇号,无效日期,无效数字等)
  • staffID and techID seems to be numeric fields in the database, but you put their values inside single quotes like strings. staffIDtechID似乎是数据库中的数字字段,但是您将它们的值放在单引号内,例如字符串。 If they are numerics you will get another possible error there. 如果它们是数字,那么您将在此得到另一个可能的错误。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 错误插入日期mysql vb.net - error insert date mysql vb.net MySQL使用VB.net插入错误 - MySQL Insert into error using VB.net VB.Net中的SQL语句错误 - SQL statement error in VB.Net vb.net插入查询 - vb.net insert query 在VB.Net中的MySQL中插入查询中的语法错误 - Syntax error in Insert query in Mysql in VB.Net 从 VB.net 插入 mysql 时出错 - Error making an insert to mysql from VB.net INSERT失败:VB.net中的MySql语法出错 - INSERT Failed: Error in MySql syntax in VB.net 致命错误:从日期数据类型的VB.net插入MySQL - Fatal Error: MySQL Insert from VB.net of Date datatype 插入错误 system.format.exception vb.net - insert error system.format.exception vb.net VB.NET-将日期插入Mysql数据库错误 - VB.NET - Insert Date Into Mysql Database Error
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM