0
當運行程序時,我收到一個錯誤,說'條件表達式中的數據類型不匹配'。並突出顯示行cmd.ExecuteNonQuery()。在我的數據庫中,'ID'的數據類型是AutoNumber,'Calories Burned'的數據類型是十進制的,其他的都是文本。我不知道它是否與事實相符,當我將數據輸入到文本框中時,它將其歸類爲字符串。但如果有人能幫助我會很感激。INSERT語句中條件表達式中的數據類型不匹配
Private Sub btnAdd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnAdd.Click
Dim cmd As New OleDb.OleDbCommand
' add data to table '
If Not cnn.State = ConnectionState.Open Then
' open connection '
cnn.Open()
End If
cmd.Connection = cnn
If Me.txtID.Tag & "" = "" Then
cmd.CommandText = "INSERT INTO [Training log] ([ID], [Runner Name], [Running Average Speed], [Cyclying Average Speed], [Swimming style] , [Calories Burned]) VALUES ('" & Me.txtID.Text & "' , '" & Me.txtRunnerName.Text & "' , '" & Me.txtRunSpeed.Text & "' , '" & Me.txtCycleSpeed.Text & "', '" & Me.txtSwimStyle.Text & "', '" & Me.txtCaloriesBurned.Text & "')"
cmd.ExecuteNonQuery()
Else
cmd.CommandText = "UPDATE [Training log] SET ID=" & Me.txtID.Text & ", [Runner Name]='" & Me.txtRunnerName.Text & "', [Running Average Speed]='" & txtRunSpeed.Text & "', [Cyclyin Average Speed]='" & txtCycleSpeed.Text & "', [Swimming style]='" & txtSwimStyle.Text & "', [Calories Burned]='" & txtCaloriesBurned.Text & "' WHERE ID='" & txtRunnerName.Tag & "' "
cmd.ExecuteNonQuery()
End If
你的'txtID'-文本框中的SQL注入提示像''); DROP表[訓練日誌]''。使用sql-parameters而不是字符串連接。 –
您可能需要花些時間瞭解[VB中的數據類型](https://msdn.microsoft.com/zh-cn/library/47zceaw7.aspx) – Plutonix