
SQL insert into error VB.NET

I'm running a VB application with the following code. I keep getting an error on my 'INSERT INTO' SQL query. Can anyone see what I'm doing wrong? This is the error: Syntax error in INSERT INTO statement.

    connetionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source = C:\Users\Dave\Documents\joblist.mdb;"

    connection = New OleDb.OleDbConnection(connetionString)

    Sql = "INSERT INTO jobList (StaffID, staffName, staffLastName, note, fault, section, techID, jobcomplete) VALUES ('" & staffid & "','" & staffFN & "','" & staffLN & "','" & staffNotes & "','" & staffFault & "', '" & staffSection & "', '" & techId & "','" & ava & "')"
    connection.Open()
    oledbAdapter.UpdateCommand = connection.CreateCommand
    oledbAdapter.UpdateCommand.CommandText = Sql
    oledbAdapter.UpdateCommand.ExecuteNonQuery()
    connection.Close()
    Me.JobListTableAdapter.Fill(Me.JoblistDataSet2.jobList)

I assume you should use the InsertCommand instead of the UpdateCommand property since you are inserting.

oledbAdapter.InsertCommand.CommandText = "INSERT INTO jobList (StaffID, staffName, ....

Note that you're open to SQL injection and should use parameters instead. You should also use a Using statement to ensure that the connection gets closed even on error.

Note and Section are reserved words in Jet SQL. You need to encapsulate them with square brackets:

Sql = "INSERT INTO jobList (StaffID, staffName, staffLastName, [note], fault, " +
      "[section], techID, jobcomplete) VALUES (......)"

This is the source of your syntax error, but aside from that, you have many problems here:

  • As pointed out by Tim Schmeiter, you use the update command instead of the insert command.
  • You concatenate input text from your user to form an SQL string. This leads to SQL injection attacks and problems in correct parsing of text (apostrophes, invalid dates, invalid numbers, etc.).
  • staffID and techID seem to be numeric fields in the database, but you put their values inside single quotes like strings. If they are numeric, you will get another possible error there.
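
The points from both answers combined into one parameterized insert, as an added example that is not part of the original posts. The module and function names are hypothetical, and the column types (StaffID and techID as integers, everything else as text) are assumptions based on the second answer's guess.

```vbnet
Imports System.Data.OleDb

Module JobListInsertExample
    ' Connection string taken from the question.
    Private Const ConnString As String =
        "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Dave\Documents\joblist.mdb;"

    ' [note] and [section] are bracketed because they are reserved words in Jet SQL.
    ' OleDb binds "?" markers by position, so parameters must be added in column order.
    Private Const InsertSql As String =
        "INSERT INTO jobList (StaffID, staffName, staffLastName, [note], fault, " &
        "[section], techID, jobcomplete) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"

    ' A Nothing string would be sent as a missing parameter; map it to a database NULL.
    Private Function TextOrNull(value As String) As Object
        Return If(CObj(value), DBNull.Value)
    End Function

    ' Hypothetical helper. Returns the number of rows inserted (1 on success).
    ' Assumed column types: StaffID/techID numeric, all other columns text.
    Public Function InsertJob(staffId As Integer, staffFN As String, staffLN As String,
                              staffNotes As String, staffFault As String,
                              staffSection As String, techId As Integer,
                              ava As String) As Integer
        ' Using disposes (and closes) the connection even if ExecuteNonQuery throws.
        Using connection As New OleDbConnection(ConnString)
            Using command As New OleDbCommand(InsertSql, connection)
                ' Names are labels only; OleDb ignores them and uses the order below.
                With command.Parameters
                    .Add("@StaffID", OleDbType.Integer).Value = staffId
                    .Add("@staffName", OleDbType.VarWChar).Value = TextOrNull(staffFN)
                    .Add("@staffLastName", OleDbType.VarWChar).Value = TextOrNull(staffLN)
                    .Add("@note", OleDbType.VarWChar).Value = TextOrNull(staffNotes)
                    .Add("@fault", OleDbType.VarWChar).Value = TextOrNull(staffFault)
                    .Add("@section", OleDbType.VarWChar).Value = TextOrNull(staffSection)
                    .Add("@techID", OleDbType.Integer).Value = techId
                    .Add("@jobcomplete", OleDbType.VarWChar).Value = TextOrNull(ava)
                End With

                connection.Open()
                Return command.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Module
```

Because the values travel as typed parameters rather than as part of the SQL text, an apostrophe in a note (for example `O'Brien's PC`) is stored literally and cannot change the statement.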
