1. 首頁
  2. 問答
  3. 人物SQL語句錯誤結束後

人物SQL語句錯誤結束後

2016-04-14 65 views
0

首先,我開始我的代碼:人物SQL語句錯誤結束後

  Comm2 = "INSERT INTO [Results]" _ 
       & "([ResultsID], [TestID], [Thickness], [SNR], [STD], [M1], [M2], [kVp], [mAs], [TargetFilter])" _ 
       & " values('" & CInt(NewRID) & " ', '" & CInt(NewRID) & " ', '" & Thickness & "', '" & SNR & "', '" & STD & "','" & M1 & "', '" & M2 & "', '" & kVp & "', '" & mAs & "', '" & TargetFilter & "')" 

      Comm3 = "INSERT INTO [Test]" _ 
       & "([TestID], [Date], [MachineID], [RadiographerID])" _ 
       & " values('" & CInt(NewRID) & " ', '" & todaysdate & " ', '" & 1 & " ', '" & UserID & " ',)"

但是這些表在數據庫中有關這個沒有工作,所以不得不在同一時間改變他們,所以我目前正在此:

  Comm2 = "INSERT INTO [Results] ([ResultsID],[TestID],[Tickness],[SNR],[STD],[M1],[M2],[kVp],[mAs],[TargetFilter]) VALUES('" & CInt(NewRID) & " ', '" & CInt(NewRID) & " ', '" & Thickness & "', '" & SNR & "', '" & STD & "','" & M1 & "', '" & M2 & "', '" & kVp & "', '" & mAs & "', '" & TargetFilter & "');" _ 
       & "INSERT INTO [Test] ([TestID], [Date[, [MachineID], [RadiographerID]) VALUES('" & CInt(NewRID) & " ', '" & CDate(todaysdate) & " ', '" & CInt(MachineID) & "', '" & CStr(UserID) & "')" 
      OleDbInsertCommand.Connection = conn 
      OleDbInsertCommand.CommandText = Comm2 
      adapter2.InsertCommand = OleDbInsertCommand 
      adapter2.InsertCommand.ExecuteNonQuery()

而且我收到此錯誤: https://gyazo.com/36aa32cbfb0f54bbe571f6a9384114e1

  Comm2 = "INSERT INTO [Results] ([ResultsID], [TestID], [Thickness], [SNR], [STD], [M1], [M2], [kVp], [mAs],[TargetFilter]) VALUES('" & CInt(NewRID) & " ', '" & CInt(NewRID) & " ', '" & Thickness & "', '" & SNR & "', '" & STD & "','" & M1 & "', '" & M2 & "', '" & kVp & "', '" & mAs & "', '" & TargetFilter & "')" 
      comm3 = " INSERT INTO [Test] ([TestID], [Date], [MachineID], [RadiographerID]) VALUES('" & CInt(NewRID) & " ', '" & CDate(todaysdate) & " ', '" & CInt(MachineID) & "', '" & CInt(UserID) & "')" 

      OleDbInsertCommand.Connection = conn 
      OleDbInsertCommand.CommandText = comm3 
      adapter2.InsertCommand = OleDbInsertCommand 
      adapter2.InsertCommand.ExecuteNonQuery() 
      OleDbInsertCommand.CommandText = Comm2 
      adapter2.InsertCommand = OleDbInsertCommand 
      adapter2.InsertCommand.ExecuteNonQuery()

來源

2016-04-14 Tom Davis

+1

如果您使用SQL參數,而不是將字符串的位粘合在一起,那麼問題很可能會消失。 – Plutonix

+0

嘿,我剛剛搜索了「SQL參數」,找不到任何看起來相似的東西,你有沒有一個很好的鏈接,我可以把我的知識拋諸腦後,或者有一個例子嗎? –

+0

https://msdn.microsoft.com/en-us/library/system.data.oledb.oledbparameter(v=vs.110).aspx並在此處輸入約1-2百萬Q – Plutonix

回答

1 
 Comm2 = "INSERT INTO [Results] ([ResultsID], [TestID], [Thickness], [SNR], [STD], [M1], [M2], [kVp], [mAs],[TargetFilter]) VALUES('" & CInt(NewRID) & " ', '" & CInt(NewRID) & " ', '" & Thickness & "', '" & SNR & "', '" & STD & "','" & M1 & "', '" & M2 & "', '" & kVp & "', '" & mAs & "', '" & TargetFilter & "')" 
     comm3 = " INSERT INTO [Test] ([TestID], [Date], [MachineID], [RadiographerID]) VALUES('" & CInt(NewRID) & " ', '" & CDate(todaysdate) & " ', '" & CInt(MachineID) & "', '" & CInt(UserID) & "')" 

     OleDbInsertCommand.Connection = conn 
     OleDbInsertCommand.CommandText = comm3 
     adapter2.InsertCommand = OleDbInsertCommand 
     adapter2.InsertCommand.ExecuteNonQuery() 
     OleDbInsertCommand.CommandText = Comm2 
     adapter2.InsertCommand = OleDbInsertCommand 
     adapter2.InsertCommand.ExecuteNonQuery()

來源

2016-04-14 19:48:29

+0

答案通常會告訴我們爲什麼這是一個答案。使用參數來避免sql注入和格式化問題。 – LarsTech

相關問題

 相關問題