-3
System.Data.OleDb.OleDbConnection bes = new OleDbConnection(@"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\JAMES DEAN\Documents\aha.mdb;User Id=admin; Password=;;");
System.Data.DataTable pc = new System.Data.DataTable();
System.Data.OleDb.OleDbDataAdapter save = new System.Data.OleDb.OleDbDataAdapter("SELECT * FROM Info (Quantity, Unit, Account, Description , Amount, Total Amount, [Date]) VALUES '"+ textBox1.Text +"','" +textBox2.Text +
"','" + textBox3.Text + "','" + textBox4.Text + "','" + textBox5 + "','" + textBox6.Text+ "','" + dateTimePicker1.Value.ToString("MM/dd/yyyy") + "','" ,bes);
save.Fill(pc);
dataGridView1.DataSource = pc;
System.Data.OleDb.OleDbCommand save = new System.Data.OleDb.OleDbCommand(
"Insert into Info (Quantity, Unit, Account, Description , Amount, Total Amount, Account Title, [Date]) VALUES '"
+ textBox1.Text +"','"
+textBox2.Text +"','"
+ textBox3.Text + "','"
+ textBox4.Text + "','"
+ textBox5 + "','"
+ textBox6.Text+ "','"
+ comboBox1.Text+"','"
+ dateTimePicker1.Value.ToString("MM/dd/yyyy") + "','" ,bes);
save.ExecuteNonQuery();
bes.Close();
這是現在我的代碼,我仍然得到錯誤TT
天啊..請**請**總是使用[參數化查詢](http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/)。這種字符串連接對於[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)攻擊是開放的。 –
而'SELECT'沒有'VALUES'的語法。你想要做什麼?你想用WHERE來用這些值過濾數據嗎?你應該總是先在你的數據庫管理器中使用你的查詢。並使用'using'語句來處理您的數據庫連接和適配器。 –
這是一個選擇和插入語句的邪惡合併? – citywall