在Visual Studio中插入和刪除查詢

Question

我似乎無法讓我的插入查詢在VB中工作，它以前工作，我試圖添加刪除查詢，現在插入不起作用。

我正在使用他們的電子郵件在客戶表中搜索客戶（此工作正常），客戶表中的3個字段然後傳遞給另一個表單，然後用戶將更多數據添加到新字段中，然後用於插入到成員表中。 （我也想從客戶表中刪除客戶，一旦他們被添加到成員表使用他們的電子郵件，但似乎無法得到它的工作）。

這是我得到'關鍵字'VALUES'附近的語法不正確的錯誤。' 這裏是插入查詢的代碼，任何幫助將不勝感激。我對Visual Basic很陌生。

此代碼是我SQLControl.vb

 Public Sub Addmember(member_fname As String, member_sname As String, member_gender As String, member_dob As String, 
         member_address As String, member_postcode As String, member_email As String, member_contact_number As String, 
         member_registration As String, member_discount_rate As Integer) 
    Try 
     Dim strinsert As String = "INSERT INTO members (member_fname,member_sname,member_gender,member_dob,member_address,member_postcode,member_email,member_contact_number,member_registration,member_discount_rate " & _ 
            "VALUES(" & _ 
            "'" & member_fname & "'," & _ 
            "'" & member_sname & "'," & _ 
            "'" & member_gender & "'," & _ 
            "'" & member_dob & "'," & _ 
            "'" & member_address & "'," & _ 
            "'" & member_postcode & "'," & _ 
            "'" & member_email & "'," & _ 
            "'" & member_contact_number & "'," & _ 
            "'" & member_registration & "'," & _ 
            "'" & member_discount_rate & "')" 

     MsgBox(strinsert) 


     SQLCon.Open() 

     SQLCmd = New SqlCommand(strinsert, SQLCon) 

     SQLCmd.ExecuteNonQuery() 

     SQLCon.Close() 

    Catch ex As Exception 

     MsgBox(ex.Message) 

    End Try 
End Sub 

內，這是其中子被稱爲按鈕的形式

Private Sub addmember_Click(sender As Object, e As EventArgs) Handles addmember.Click 
    Try 
     sql.Addmember(memberupdate_firstname.Text, memberupdate_surname.Text, membergender.Text, memberdob.Text, memberaddress.Text, memberpostcode.Text, memberemail.Text, membercontactnumber.Text, memberregisterationdate.Text, membersdiscountrate.Text) 
     MsgBox("Member added") 


    Catch ex As Exception 
     MsgBox(ex.Message) 
    End Try 




End Sub 

Answer 1

你缺少的末端之間的)字符的列表和關鍵字values：

Dim strinsert As String = "INSERT INTO members (member_fname,member_sname,member_gender,member_dob,member_address,member_postcode,member_email,member_contact_number,member_registration,member_discount_rate " & _ 
           ")VALUES(" & _ 
           "'" & member_fname & "'," & _ 
           "'" & member_sname & "'," & _ 
           "'" & member_gender & "'," & _ 
           "'" & member_dob & "'," & _ 
           "'" & member_address & "'," & _ 
           "'" & member_postcode & "'," & _ 
           "'" & member_email & "'," & _ 
           "'" & member_contact_number & "'," & _ 
           "'" & member_registration & "'," & _ 
           "'" & member_discount_rate & "')" 

Answer 2

P從Sql注入代碼您的代碼：

Public Sub Addmember(member_fname As String, member_sname As String, member_gender As String, member_dob As String, 
       member_address As String, member_postcode As String, member_email As String, member_contact_number As String, 
       member_registration As String, member_discount_rate As Integer) 
    Try 
     Dim queryInsert As String = "INSERT INTO members (member_fname,member_sname,member_gender,member_dob,member_address,member_postcode,member_email,member_contact_number,member_registration,member_discount_rate) " & _ 
            " VALUES (@fname,@sname,@gender,@dob,@address,@postcode,@email,@contact_number,@registration,@discount_rate) " 

     Using sqlCon As New SqlConnection("MySqlConnectionString") 
      sqlCon.Open() 
      Using sqlCmd As New SqlCommand(queryInsert, sqlCon) 
       Dim fnameParam As SqlParameter = sqlCmd.Parameters.Add("@fname", SqlDbType.NVarChar, 10) 
       fnameParam.Value = member_fname 

       Dim snameParam As SqlParameter = sqlCmd.Parameters.Add("@sname", SqlDbType.NVarChar, 10) 
       snameParam.Value = member_sname 

       'etc. for all your parameters.. 

       sqlCmd.ExecuteNonQuery() 
      End Using 
     End Using 

    Catch ex As Exception 
     MsgBox(ex.Message) 
    End Try 
End Sub