1. 首頁
  2. 問答
  3. 爲什麼這個查詢不能編譯?

爲什麼這個查詢不能編譯?

2012-12-30 31 views
0

這段代碼有什麼問題?爲什麼這個查詢不能編譯?

Dim mycon As OleDbConnection 
    Dim cmd As OleDbCommand 
    Dim sqlstring, game, ram, vga, scr, download, gametype, size As String 
    game = TextBox1.Text 
    download = TextBox2.Text 
    scr = TextBox3.Text 
    vga = TextBox4.Text 
    ram = TextBox5.Text 
    size = TextBox6.Text 
    gametype = DropDownList1.SelectedValue.ToString 
    mycon = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("../games.mdb")) 
    mycon.Open() 
    sqlstring = "INSERT INTO [Games] (Name , url , image , Vga , Ram , Size , Type) VALUES ('" + game + "' , '" + download + "' , '" + scr + "' , '" + vga + "' , '" + ram + "' , '" + size + "' , '" + gametype + "')" 
    cmd = New OleDbCommand(sqlstring, mycon) 
    cmd.ExecuteNonQuery() 
    mycon.Close()

當我運行它,我得到:

error in 
Line 21:   cmd.ExecuteNonQuery()

遊戲模式 ID |名稱|網址|圖片| VGA |拉姆|大小|類型

堆棧跟蹤:

[OleDbException (0x80040e14): Syntax error in INSERT INTO statement.] 
    System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr) +1090740 
    System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) +247 
    System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) +189 
    System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) +58 
    System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) +162 
    System.Data.OleDb.OleDbCommand.ExecuteNonQuery() +107 
    admin_editgames.Button1_Click(Object sender, EventArgs e) in E:\New folder (4)\WebSite1\admin\editgames.aspx.vb:23 
    System.Web.UI.WebControls.Button.OnClick(EventArgs e) +9553594 
    System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +103 
    System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10 
    System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13 
    System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +35 
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1724

來源

2012-12-30 Losha

+4

使用SQL數據類型的'Sqlparameter'類進行查詢。谷歌它,幫助你自己。 – akshaykumar6

+0

每當遇到錯誤時,請張貼異常消息,並在適用時發佈堆棧跟蹤。 –

+0

此外,不知道遊戲架構,很難診斷SQL插入問題。 –

回答

0

您的任何TextBox輸入在其輸入值中是否有撇號(「'」)?如果是這樣,你需要與其他撇號逃脫他們:

game = Replace(TextBox1.Text, "'", "''") 
' repeated for all variables

當你瞭解SQL注入攻擊這種代碼是如何發生的。

來源

2012-12-30 05:35:57 cfeduke

+0

在INSERT INTO語句中仍存在相同的問題errorSyntax錯誤。 – Losha

相關問題

 相關問題