2013-12-11 86 views
0

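SQL Server invalid column name exception

I am getting the exception error 'Invalid column name'.

But if I use integers when inserting, it is accepted.

Please help, I am new to VB.NET.

Here is the code: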

Imports System 
Imports System.Data 
Imports System.Data.SqlClient 


Public Class Student 
    Dim cs As New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Example\Student.mdf;Integrated Security=True;User Instance=True") 
    Dim cmd As New SqlCommand 
    Dim dr As SqlDataReader 
    Private Sub Student_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load 
     'TODO: This line of code loads data into the 'StudentDataSet1.Student' table. You can move, or remove it, as needed. 
     Me.StudentTableAdapter1.Fill(Me.StudentDataSet1.Student) 
     'TODO: This line of code loads data into the 'StudentDataSet.Student' table. You can move, or remove it, as needed. 
     Me.StudentTableAdapter.Fill(Me.StudentDataSet.Student) 
     cmd.Connection = cs 
    End Sub 

    Private Sub StudentBindingNavigatorSaveItem_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles StudentBindingNavigatorSaveItem.Click 
     Me.Validate() 
     Me.StudentBindingSource.EndEdit() 
     Me.TableAdapterManager.UpdateAll(Me.StudentDataSet) 
    End Sub 

    Private Sub btnAdd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnAdd.Click 
     StudentBindingSource.AddNew() 
     USNTextBox.Focus() 
    End Sub 

    Private Sub btnSave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSave.Click 
     Try 
      Me.Validate() 
      Me.StudentBindingSource.EndEdit() 
      Me.TableAdapterManager.UpdateAll(Me.StudentDataSet) 
      MsgBox("1 record is added") 
     Catch ex As Exception 
      System.Windows.Forms.MessageBox.Show(ex.Message) 
     End Try 
    End Sub 
    Private Sub btnInsert_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnInsert.Click 
     If USNTextBox.Text <> "" And NameTextBox.Text <> "" And MarksTextBox.Text <> "" Then 
      cs.Open() 
      cmd.CommandText = "INSERT INTO Student" & "(USN, Name, Marks)" & "VALUES (" & USNTextBox.Text & ", " & NameTextBox.Text & ", " & MarksTextBox.Text & ")" 
      cmd.ExecuteNonQuery() 
      cs.Close() 

      USNTextBox.Text = "" 
      NameTextBox.Text = "" 
      MarksTextBox.Text = "" 
     End If 
    End Sub 

End Class 
+2

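Try to quote and display the SQL command you are about to execute and see what is wrong. You can prevent this problem (and more!) by using parameters.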

Answers

4

You need to wrap text columns in apostrophes. However, you should always use parameterized queries to prevent SQL injection.

So instead of

cmd.CommandText = "INSERT INTO Student" & "(USN, Name, Marks)" & "VALUES (" & USNTextBox.Text & ", " & NameTextBox.Text & ", " & MarksTextBox.Text & ")" 

this:

Dim sql = "INSERT INTO Student(USN, Name, Marks)VALUES(@USN, @Name, @Marks)" 
Using cs = New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Example\Student.mdf;Integrated Security=True;User Instance=True") 
    Using cmd = New SqlCommand(sql, cs) 
     cmd.Parameters.AddWithValue("@USN", USNTextBox.Text) 
     cmd.Parameters.AddWithValue("@Name", NameTextBox.Text) 
     cmd.Parameters.AddWithValue("@Marks", Int32.Parse(MarksTextBox.Text)) 
     cs.Open() 
     cmd.ExecuteNonQuery() 
    End Using 
End Using 

(assuming Marks is an int column, otherwise remove Int32.Parse)

+0

Now it works with the GridView. But it is not stored in the database. – Rohit

+0

@user3091691: What does that mean? What works in the GridView, and what does not work in the database? Do you get an exception?

+0

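@Tim: No exception. When the insert is executed, the values are stored and seen in the grid view, but they are not stored in the back-end database. – Rohit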

0

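Tim's answer with parameters is the correct solution.

But this is how you would quote Name, which is needed if it is char or nchar.
This will open you up to a SQL injection attack.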

cmd.CommandText = "INSERT INTO Student" & "(USN, Name, Marks)" & "VALUES (" & USNTextBox.Text & ", '" & NameTextBox.Text & "', " & MarksTextBox.Text & ")"
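
The three insert styles discussed above (the bare concatenation from the question, the quoted concatenation, and the parameterized query) run side by side, as an added example that is not code from the original posts. It assumes Python's sqlite3 with an in-memory table standing in for SQL Server and the VB.NET form, so the error text is SQLite's "no such column" rather than SQL Server's "Invalid column name"; the function names and all input values are constructed.

```python
import sqlite3

def make_db():
    # In-memory stand-in for the Student table (assumed column types).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Student (USN INTEGER, Name TEXT, Marks INTEGER)")
    return db

def insert_unquoted(db, usn, name, marks):
    # Question's form: values pasted in bare, so text is parsed as a column name.
    sql = "INSERT INTO Student(USN, Name, Marks) VALUES (" + usn + ", " + name + ", " + marks + ")"
    db.execute(sql)

def insert_quoted(db, usn, name, marks):
    # Quoted form: Name wrapped in apostrophes, but still concatenated into the SQL text.
    sql = "INSERT INTO Student(USN, Name, Marks) VALUES (" + usn + ", '" + name + "', " + marks + ")"
    db.execute(sql)

def insert_parameterized(db, usn, name, marks):
    # Parameterized form: placeholders in the SQL, values passed separately.
    db.execute("INSERT INTO Student(USN, Name, Marks) VALUES (?, ?, ?)",
               (int(usn), name, int(marks)))

def try_insert(fn, usn, name, marks):
    """Run one insert style on a fresh table; return (error text or None, rows stored)."""
    db = make_db()
    try:
        fn(db, usn, name, marks)
        err = None
    except sqlite3.Error as exc:
        err = str(exc)
    return err, db.execute("SELECT USN, Name, Marks FROM Student").fetchall()

if __name__ == "__main__":
    # Constructed inputs: plain text, a name with an apostrophe, a name carrying SQL syntax.
    for name in ["Alice", "O'Brien", "x', 100) --"]:
        for fn in (insert_unquoted, insert_quoted, insert_parameterized):
            print(repr(name), fn.__name__, try_insert(fn, "1", name, "40"))
```

With the quoted form, the apostrophe in O'Brien breaks the statement and the third input changes the stored Marks from 40 to 100; the parameterized form stores every input as the literal name with Marks 40.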