1. 首頁
  2. 問答
  3. MySQL synax插入新數據c錯誤#

MySQL synax插入新數據c錯誤#

2016-04-24 70 views
0

我認爲其中一個問題,你需要第二雙眼睛看看。MySQL synax插入新數據c錯誤#

我嘗試添加新的記錄,並不斷得到同樣的錯誤,這是「在SQL語法錯誤,我使用MySQL和這裏是表

腳本爲MySQL

create table tbl_employee(
    employeeID smallint, 
    employee_Fname varchar(30), 
    employee_Sname varchar(30), 
    employee_AddressL1 varchar(100), 
    employee_AddressL2 varchar(100), 
    employee_PostCode varchar(10), 
    employee_tel_type enum('work', 'mobile', 'personal'), 
    employee_Image varchar(250), 
    employee_Job_Role  enum('admin','accounts','management','maintiantance','Sales'),  
    employee_Salary float, 
    employee_imagePath varchar(250), 
    employee_tel_no varchar(100), 
    Primary key(employeeID) 

);

,這裏是C#代碼

 connected = DataConnection.getConn(); 

     MySqlCommand cmd = new MySqlCommand("", connected); // 
     //This is my insert query in which i am taking input from the user through windows forms 
     //insert into tbl_employee value (2,'John','Rafiq','234 Zoo Rd','Alcala','2388','work' ,'admin',3500.89,'C:\blindXimages','111-111' ); 
     string Query = "Insert into tbl_employee (employeeID,employee_fname,employee_Sname,employee_AddressL1,employee_AddressL2,employee_PostCode, employee_tel_type,employee_Job_Role,employee_Salary,employee_ImagePath,employee_tel_no)" + 
     "'value('" + Convert.ToInt32( this.txtEmployeeID.Text) + "'," + this.txtName.Text + "','" + this.txtSurname.Text + "','" + this.txtAddressL1.Text + "','" + this.txtAddressL2.Text + "','" + this.txtPostCode.Text + "','" + this.txtTelType.Text + "','" + this.txtJobRole.Text + "','" + Convert.ToDecimal(this.txtSalary.Text) + "','" + this.txtFaceName.Text + "','" + this.txtTelephoneNo.Text + "')"; 

     //This is command class which will handle the query and connection object. 
     MySqlCommand MyCommand2 = new MySqlCommand(Query, connected); 
     MySqlDataReader MyReader2; 

     MyReader2 = MyCommand2.ExecuteReader();  // Here our query will be executed and data saved into the database. 
     MessageBox.Show("Save Data"); 
     while (MyReader2.Read()) 
     { 
     } 
     // connected.Close(); 
    } 
    catch (Exception ex) 
    { 
     MessageBox.Show(ex.Message); 
    } 

    btnAddNew.Enabled = false; 
    MessageBox.Show("Data is save clearing all text boxes "); 
    clearTextBox(); 
}

我有雙重和三重檢查我的語法只是想不出是我對線路去錯了行。會非常適合這種支持。

來源

2016-04-24 Wazzie

+0

除了所有的SQL注入問題之外,'value'應該是'values',並且在它之前沒有''''。 –

+0

使用預先準備好的語句不會阻止這個錯誤,但它會*通過減少逃逸和未轉義引號的糾結而使它更容易找到。嚴重的是,[準備語句](http://dev.mysql.com/doc/connector-net/en/connector-net-programming-prepared-preparing.html)是一件好事。 –

回答

0

使用「值」而不是「值」並在值之前添加空格。

來源

2016-04-24 19:09:09 mkysoft

+0

非常感謝Joachim,Darwin和myksoft,需要向像我這樣的新手學習SQL注入方面的一個話題。問題修復,通過值而不是值也導致這個錯誤。 – Wazzie

相關問題

 相關問題