我不知道這是否已被回答,但我在插入語句時出現語法錯誤。 繼承人我的代碼,我使用的Visual Basic 2010和MS Access 2010作爲我的數據庫INSERT INTO語句中的語法錯誤visual basic
Imports System.Data.OleDb
Imports Comprehensive.Form1
Public Class Form2
Dim cnn As New OleDb.OleDbConnection
Private Sub RefreshData()
If Not cnn.State = ConnectionState.Open Then
cnn.Open()
End If
Dim da As New OleDb.OleDbDataAdapter("SELECT * FROM items ORDER BY ID", cnn)
Dim dt As New DataTable
da.Fill(dt)
Form1.DataGridView1.DataSource = dt
cnn.Close()
End Sub
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim cmd As New OleDbCommand
Try
If Not cnn.State = ConnectionState.Open Then
cnn.Open()
End If
cmd.Connection = cnn
cmd.CommandText = "INSERT INTO Items (Item_Name, Item_Type, Date_Added)" + "'VALUES('" & TextBox1.Text & "','" & TextBox2.Text & "','" & TextBox3.Text & "');'"
cmd.ExecuteNonQuery()
RefreshData()
Catch ex As Exception
MessageBox.Show(ex.Message & " - " & ex.Source)
cnn.Close()
End Try
End Sub
Private Sub Form2_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
'TODO: This line of code loads data into the 'ShitdataDataSet.Items' table. You can move, or remove it, as needed.
Me.ItemsTableAdapter.Fill(Me.ShitdataDataSet.Items)
cnn = New OleDb.OleDbConnection
cnn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=shitdata.mdb;"
End Sub
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
Me.Close()
End Sub
末級
主要[SQL注入](https://xkcd.com/327/)問題,在VALUES之前和結尾之後應該沒有''''''。 –
您在'VALUES'子句之前有一個額外的單引號,並且列列表中的close palenthesis和'VALUES'關鍵字之間應該有一個空格,並且在您的語句結尾處還有一個額外的單引號。 –
[給我參數化的SQL,或給我死亡](http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/)!!! –