0
我可以問這個問題,即時獲取INSERT INTO語句中的語法錯誤。每當我按Ctrl + F5。我的代碼有什麼遺漏嗎?INSERT INTO語句中的語法錯誤。 asp.net
Protected Sub btnEnter_Click(sender As Object, e As System.EventArgs) Handles btnEnter.Click
Dim CID As Integer = CInt(lblCno.Text)
Dim tRentID As String = txtRentID.Text
Dim pList As String = ProductList.Text
Dim tDate As Date = lblDue.Text
Dim amount As Integer = CInt(txtAmount.Text)
Try
Dim dbconn1, dbcomm1, dbex1, sql1
dbconn1 = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;" & "Data Source=" & Server.MapPath("~/App_Data/aspDatabase.mdb"))
dbconn1.open()
sql1 = "Insert into order VALUES (" & "'" & tRentID & "'" & "," & "'" & tDate & "'" & "," & "'" & amount & "'" & "," & "'" & CID & "'" & "," & pList & ")"
dbcomm1 = New OleDbCommand(sql1, dbconn1)
dbex1 = dbcomm1.executenonquery
dbconn1.Close()
Catch ex As Exception
lblOut.Text = ex.Message
End Try
End Sub
End Class
我強烈建議您使用參數化查詢。此插入語句是等待發生的SQL注入災難 – TGH
@TimothyHenrySusanto您可以通過減少例如'&「'」&「,」&「'」&'到'&「',' 「&',但參數化查詢是最好的選擇。 –