2017-05-25 69 views
0

SQL query from VB.Net to an Access database

I have a query, but when I try it, it gives me an error about some date or some other variable. I don't understand it. Can you help me? Here is the code:

    Dim tax As Integer = 10
    Dim APPROVED As Boolean = 1
    Dim admin As String = "admin"
    sqlquery.CommandText = "INSERT INTO ACCOUNTS (REFERENCE_NO, ACCT_DATE, ACCT_FROM, ACCT_DUE_DATE, TOTAL, [CURRENCY], AMOUNTS_ARE, TAX, APPROVED, UPDATED_BY, UPDATED_DATE) VALUES ('" & TextBox2.Text & "', #" & DateTimePicker1.Value.Date & "#, '" & TextBox1.Text & "', #" & DateTimePicker2.Value.Date & "#, " & TextBox3.Text & ", '" & ComboBox1.SelectedItem.ToString & "', '" & ComboBox2.SelectedItem.ToString & "', " & tax & ", '" & APPROVED & "', '" & admin & "', #" & DateTimePicker1.Value.Date & "#);"

    sqlquery.ExecuteNonQuery()

Now I get this error:

Data type mismatch in criteria expression.

Which date format should I follow?

+3

Use parameters to avoid SQL injection and formatting problems. – LarsTech

Answers

2

Use parameterized queries.

What you have is wildly vulnerable to SQL injection attacks. A parameterized query will fix that problem and the formatting problem too:

    Dim tax As Integer = 10
    Dim APPROVED As Boolean = 1
    Dim admin As String = "admin"
    sqlquery.CommandText = "INSERT INTO ACCOUNTS (REFERENCE_NO, ACCT_DATE, ACCT_FROM, ACCT_DUE_DATE, TOTAL, [CURRENCY], AMOUNTS_ARE, TAX, APPROVED, UPDATED_BY, UPDATED_DATE) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"

    ' OLE DB binds parameters by position, so add them in the same order as the ? placeholders
    sqlquery.Parameters.Add("?", OleDbType.VarWChar, 10).Value = TextBox2.Text
    sqlquery.Parameters.Add("?", OleDbType.Date).Value = DateTimePicker1.Value.Date
    '...

    sqlquery.ExecuteNonQuery()
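As an added example (not code from the question or from this answer), here is the question's full INSERT carried through with all eleven parameters, each given the OLE DB type of its column, so that the date and number values reach Access as dates and numbers rather than as text pasted into the SQL string. Assumed: the connection string and `My.Settings.dbpath` setting, the control names from the question, and that `TOTAL` is a numeric (Currency) column and `APPROVED` a Yes/No column. The one thing to keep in mind with the Access OLE DB provider is that parameter names are ignored and values are bound by position, so the `Add` calls must follow the `VALUES` list exactly.

```vbnet
Imports System.Data.OleDb

' Added example, not the question's or answer's own code.
' Assumptions: My.Settings.dbpath holds the .accdb path; the ACCOUNTS column
' types are Text, Date/Time, Currency, Integer and Yes/No as named below.
Public Sub InsertAccount()
    Dim tax As Integer = 10
    Dim approved As Boolean = True
    Dim admin As String = "admin"

    ' TOTAL was concatenated unquoted in the original, i.e. it is numeric:
    ' validate the text box before it ever reaches the database.
    Dim total As Decimal
    If Not Decimal.TryParse(TextBox3.Text, total) Then
        MessageBox.Show("TOTAL must be a number.")
        Return
    End If

    ' A combo box with nothing selected would otherwise throw on .ToString()
    If ComboBox1.SelectedItem Is Nothing OrElse ComboBox2.SelectedItem Is Nothing Then
        MessageBox.Show("Select a currency and an amounts-are value.")
        Return
    End If

    Using con As New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & My.Settings.dbpath)
        Using cmd As New OleDbCommand(
            "INSERT INTO ACCOUNTS (REFERENCE_NO, ACCT_DATE, ACCT_FROM, ACCT_DUE_DATE, TOTAL, [CURRENCY], " &
            "AMOUNTS_ARE, TAX, APPROVED, UPDATED_BY, UPDATED_DATE) " &
            "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", con)

            ' The Access OLE DB provider ignores the parameter names: binding is
            ' positional, so these Add calls must match the VALUES order exactly.
            With cmd.Parameters
                .Add("@reference_no", OleDbType.VarWChar, 50).Value = TextBox2.Text
                .Add("@acct_date", OleDbType.Date).Value = DateTimePicker1.Value.Date
                .Add("@acct_from", OleDbType.VarWChar, 50).Value = TextBox1.Text
                .Add("@acct_due_date", OleDbType.Date).Value = DateTimePicker2.Value.Date
                .Add("@total", OleDbType.Currency).Value = total
                .Add("@currency", OleDbType.VarWChar, 10).Value = ComboBox1.SelectedItem.ToString()
                .Add("@amounts_are", OleDbType.VarWChar, 50).Value = ComboBox2.SelectedItem.ToString()
                .Add("@tax", OleDbType.Integer).Value = tax
                .Add("@approved", OleDbType.Boolean).Value = approved
                .Add("@updated_by", OleDbType.VarWChar, 50).Value = admin
                .Add("@updated_date", OleDbType.Date).Value = DateTimePicker1.Value.Date
            End With

            con.Open()
            cmd.ExecuteNonQuery()
        End Using
    End Using
End Sub
```

Because each value travels as a typed parameter, text containing quotes or `#` characters in `TextBox2` or `TextBox1` can no longer change the statement, and a date mismatch now shows up as a type error on the parameter rather than as the opaque "Data type mismatch in criteria expression" from the concatenated string.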
0

Data type mismatch in criteria expression. You are trying to insert the wrong data type into the database. Double-check the data types in the database. If it is a date, insert a date; if it is text, insert text.

Also, string concatenation makes finding errors much harder, and at the same time it leaves you open to SQL injection.

Here is a simple example using parameters:

    Using con As New OleDbConnection

        con.ConnectionString = "Provider = Microsoft.ACE.OLEDB.12.0; " & _
                               "Data Source = " & My.Settings.dbpath
        ' Open the connection once; a second Open() on an open connection throws
        con.Open()

        Dim sql_insert As String = "INSERT INTO Table_Name (Order_ID, Customer_Name) " & _
                                   "VALUES " & _
                                   "(@entry_ref, @customer_name);"

        Dim sql_insert_entry As New OleDbCommand

        ' Parameters are bound by position with the Access OLE DB provider,
        ' so add them in the same order as the placeholders in the SQL text
        With sql_insert_entry
            .Parameters.AddWithValue("@entry_ref", entry_ref)
            .Parameters.AddWithValue("@customer_name", tb_new_entry_customer_name.Text.Trim())
            .CommandText = sql_insert
            .Connection = con
            .ExecuteNonQuery()
        End With

        con.Close()

    End Using

As you can see, it is easy to follow and at the same time protects your database.