我已經在Microsoft Access中測試了這條SQL語句,它完美地工作,但由於某種原因,它在我的代碼中不起作用。我已經檢查了很多次,並且我還沒有弄清楚語法錯誤(儘管它在MS Access中工作)。在INSERT INTO語句中的VB.net語法錯誤(雖然在語句中沒有語法錯誤)
這裏的錯誤消息:
類型 'System.Data.OleDb.OleDbException' 未處理的異常 出現在system.data.dll
附加信息:在INSERT INTO語句的語法錯誤。
這裏是我的代碼:現在
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
'Now, when the Register button is clicked,
'We check, if the user type is User, we create a normal User in the database.
'Otherwise, we create a Wroker.
Dim fname, lname, nationality, password As String
Dim age, yearExpr, phone, saloonID, type As Integer
fname = fNameBox.Text
lname = LNameBox.Text
age = Convert.ToInt32(ageBox.Text)
phone = Convert.ToInt32(phoneBox.Text)
password = passwordBox.Text
If (userTypeCB.Text.Equals("User")) Then
type = 1
salSql = ""
salCnc.Open()
salSql = "INSERT INTO User ([Fname], [Lname], [Age], [Phone#], [Type], [Password])
VALUES (" & "'" & fname & "'" & "," & "'" & lname & "'" & "," & age & "," & phone & "," & type & "," & "'" & password & "'" & ")"
salCommand = New OleDb.OleDbCommand(salSql, salCnc)
salCommand.ExecuteNonQuery()
salCnc.Close()
ElseIf (userTypeCB.Text.Equals("Worker")) Then
yearExpr = exprBox.Text
saloonID = saloonBox.Text
nationality = NationBox.Text
End If
End Sub
,編譯器指向salCommand.ExecuteNonQuery()
的誤差源。任何想法是什麼問題?
錯誤說明您在插入語句中有語法錯誤。你也應該使用參數化命令來避免SQL注入,這也可能是這個合成錯誤的原因 – Nkosi
什麼數據類型是'Age','Phone#'和'Type'?我強烈建議使用命令參數來避免SQL注入攻擊漏洞。 – Filburt
...或[媽媽會打你的應用](https://xkcd.com/327/) – Filburt