vb.net語法錯誤INSERT INTO聲明與訪問

Question

我得到一個錯誤，在我的插入可以有人看看？ 表：

VB.NET

Dim Name As String = txtName.Text 
    Dim JoinDate As String = dpJoinDate.Value 
    Dim DOB As String = dpDOB.Value 
    Dim ParentsName As String = txtParentsName.Text 
    Dim School As String = txtSchool.Text 
    Dim STD As String = txtSTD.Text 
    Dim Address As String = txtAddress.Text 
    Dim EMail As String = txtEMail.Text 
    Dim Mobile1 As String = txtMobile1.Text 
    Dim Mobile2 As String = txtMobile2.Text 
    Dim DurationStart As Date = dpDurationStart.Value 
    Dim DurationEND As Date = dpDurationEND.Value 
    Dim Fees As Decimal = Decimal.Parse(0.0) 
    Dim MaterialFees As Decimal = Decimal.Parse(0.0) 
    Dim LateFees As Decimal = Decimal.Parse(0.0) 
    Dim NextRenewal As Date = dpNextRenewal.Value 
    Dim Centre As String = cbCentre.Text 
    Dim Coach As String = cbCoach.Text 
    Dim picture As String = lblFileName.Text 

    Try 
     Fees = Decimal.Parse(txtFees.Text) 
    Catch 

    End Try 

    Try 
     MaterialFees = Decimal.Parse(txtMaterialFees.Text) 
    Catch 

    End Try 

    Try 
     LateFees = Decimal.Parse(txtLateFees.Text) 
    Catch 

    End Try 

    Dim Cmd As OleDbCommand 
    Dim SQL As String 
    Dim objCmd As New OleDbCommand 

    Dim Con = New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=./AcademyDatabase.accdb;Persist Security Info=False;") 

    SQL = "INSERT INTO Student (FullName,JoinDate,DOB,ParentsName,School,STD,Address,EMail,Mobile1,Mobile2,DurationStart,DurationEND,Fees,MaterialFees,LateFees,NextRenewal,Centre,Coach,Image,DropOut) VALUES ('" _ 
     & Name & "','" _ 
     & JoinDate & "','" _ 
     & DOB & "','" _ 
     & ParentsName & "','" _ 
     & School & "','" _ 
     & STD & "','" _ 
     & Address & "','" _ 
     & EMail & "','" _ 
     & Mobile1 & "','" _ 
     & Mobile2 & "','" _ 
     & DurationStart & "','" _ 
     & DurationEND & "','" _ 
     & Fees & "','" _ 
     & MaterialFees & "','" _ 
     & LateFees & "','" _ 
     & NextRenewal & "','" _ 
     & Centre & "','" _ 
     & Coach & "','" _ 
     & picture & "'," _ 
     & "0)" 
    Cmd = New OleDbCommand(SQL, Con) 

    Con.Open() 
    objCmd = New OleDbCommand(SQL, Con) 
    Dim rowCount As Integer = 0 

    Try 
     rowCount = objCmd.ExecuteNonQuery() 
    Catch ex As Exception 
     Console.WriteLine(ex.Message) 
    End Try 

SQL：

"INSERT INTO Student (FullName,JoinDate,DOB,ParentsName,School,STD,Address,EMail,Mobile1,Mobile2,DurationStart,DurationEND,Fees,MaterialFees,LateFees,NextRenewal,Centre,Coach,Image,DropOut) VALUES ('','3/13/2014','1/1/1900','','fadsasdffdas','','','','','','1/1/1900','1/1/1900','0','0','0','1/1/1900','','','',0)"

Answer 1

IMAGE是保留關鍵字。如果你想使用它的列名，那麼你需要用方括號

"INSERT INTO Student " & _ 
"(FullName,JoinDate,DOB,ParentsName,School,STD,Address," & _ 
"EMail,Mobile1,Mobile2,DurationStart,DurationEND,Fees," & _ 
"MaterialFees,LateFees,NextRenewal,Centre,Coach,[Image],DropOut) VALUES ...." 

如果你仍然能夠這樣做封裝的話，我建議修改該列到非保留關鍵字的名稱，否則當您嘗試使用該列時，您一定會遇到此問題。

說，請閱讀有關參數化查詢。您的代碼有很大的問題，它被稱爲SQL Injection（更不用說字符串，日期解析問題和小數）

SQL = "INSERT INTO Student " & _ 
     "(FullName,JoinDate,DOB,ParentsName,School,STD,Address," & _ 
     "EMail,Mobile1,Mobile2,DurationStart,DurationEND,Fees," & _ 
     "MaterialFees,LateFees,NextRenewal,Centre,Coach,[Image],DropOut) " & _ 
     "?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0)" 
Con.Open() 
objCmd = New OleDbCommand(SQL, Con) 
objCmd.Parameters.AddWithValue("@p1", Name) 
objCmd.Parameters.AddWithValue("@p2", JoinDate) 
.... add the other missing parameters with their values..... 
objCmd.Parameters.AddWithValue("@p18", picture) 

Dim rowCount As Integer = 0 
rowCount = objCmd.ExecuteNonQuery()