stackoom
  简体   繁体   中英

MySQL Insert into error using VB.net

 原文  2016-04-04 08:50:35       mysql/ vb.net

Question

I am using VB.net to access a MySQL database and insert data into this table. I am getting this data from an opera database, the query I am using is: 

Dim queryInsert As String = "INSERT INTO customer_company(customer_id, name, street, zip, 
city,country,comments) values(" + c.sn_account.Trim + ", " + name + ", " + road + ", " 
+ postcode + ", " + city + ", " + country + ", " + name + ")"

I am then getting an error when it comes to the record:

B010, Charles Birt & Co, Loch House, null, Tenby, Dyfed, Charles Birt & Co

I though that this may be the '&' in the data so I have tried replacing it with || chr(38) || and also escaping it using \\& but these do not work. Also I tried setting the postcode to various things like 'N/A', ' ' and null because this particular record doesn't have a postcode but this still gives the error.

Don't know if its the data or the query, any suggestions would be great.

2 answers

solution1
 3  2016-04-04 09:30:51

Please use parameters when executing SQL commands. This avoids problems like you encounter in your question and also minimizes SQL injection attacks: 

Dim queryInsert As String = 
"INSERT INTO customer_company(customer_id, name, street, zip,city,country,comments) values (@customer_id, @name, @street, @zip, @city, @country, @comments)"

Dim cmd as new MySqlCommand(queryInsert, <YourConnection>)
cmd.Parameters.AddWithValue("@customer_id", c.sn_account.Trim)
cmd.Parameters.AddWithValue("@name", name)
cmd.Parameters.AddWithValue("@street", road)
cmd.Parameters.AddWithValue("@zip", postcode)
cmd.Parameters.AddWithValue("@city", city)
cmd.Parameters.AddWithValue("@country", country)
cmd.Parameters.AddWithValue("@comments", name)
cmd.ExecuteNonQuery();

solution2
 0 ACCPTED  2016-04-04 09:10:02

Not too sure if this will fix your problem but, when adding/inserting a value with a String Data Type Column in SQL, you should have ' '.

in your example: 

Dim queryInsert As String = "INSERT INTO customer_company(customer_id, 
name, street, zip, city,country,comments) 
values(" + c.sn_account.Trim + ", '" + name + "', '" + road + "', " 
+ postcode + ", '" + city + "', '" + country + "', '" + name + "')"

i dont add ' ' in customer_id and postcode because i think that they are not string date type.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question error insert date mysql vb.net insert null into mysql using vb.net INSERT Failed: Error in MySql syntax in VB.net Fatal Error: MySQL Insert from VB.net of Date datatype VB.NET - Insert Date Into Mysql Database Error Syntax error in Insert query in Mysql in VB.Net Error making an insert to mysql from VB.net How to insert data to Mysql database hosting using vb.net cannot insert path file address to mysql using vb.net How to insert image in MySQL Database and retrive it using vb.net?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM