SQL附近有語法錯誤「00」

Question

當我嘗試運行我的代碼

System.Data.SqlClient.SqlException我得到這個錯誤：「附近有語法錯誤‘00’。」

我想不通的語法錯誤

using System; 
using System.Data.SqlClient; 
using System.Data.Sql; 
using System.Windows.Forms; 

namespace Barcode_Scanning 
{ 
    public partial class AddForm : Form 
     { 
     SqlCommand cmd; 
     SqlConnection con; 
     SqlDataAdapter da; 

     public AddForm() 
     { 
      InitializeComponent(); 
     } 

     private void btnBack_Click(object sender, EventArgs e) 
     { 
      FormHandler.EditForm.Show(); 
      Hide(); 
     } 
     protected override void OnClosed(EventArgs e) 
     { 
      Application.Exit(); 
      base.OnClosed(e); 
     } 
     private void btnAdd_Click(object sender, EventArgs e) 
     { 
      int quantity; 
      int price; 
      int barcodes; 
      string name; 
      DateTime date; 

      name = tbxName.Text; 
      date = Convert.ToDateTime(tbxDate.Text); 
      barcodes = Convert.ToInt32(tbxBarcode.Text); 
      quantity = Convert.ToInt32(tbxQuantity.Text); 
      price = Convert.ToInt32(tbxPrice.Text); 
      con = new SqlConnection("Data Source = (LocalDB)\\MSSQLLocalDB;  AttachDbFilename = \"C:\\Users\\hannes.corbett\\Desktop\\Barcode  Scanning\\Barcode Scanning\\BarcodeDB.mdf\"; Integrated Security = True"); 
      con.Open(); 
     cmd = new SqlCommand("INSERT INTO Products (Barcodes, Name, EDate, Quantity, Price) VALUES (" + barcodes + "," + name + "," + date + "," + quantity + "," + price + ")", con); 

      cmd.ExecuteNonQuery(); 
      con.Close(); 

      tbxBarcode.Text = String.Empty; 
      tbxName.Text = String.Empty; 
      tbxDate.Text = String.Empty; 
      tbxQuantity.Text = String.Empty; 
      tbxPrice.Text = String.Empty; 
     } 
    } 
} 

我是新的C＃和計算器所以請原諒我的不好的結構，我的帖子:) 任何關於如何更好地我的代碼提示將非常感謝！ 預先感謝

Answer 1

當然你錯過這需要在用繩子某些部分單引號和DateTime值：

cmd = new SqlCommand(@"INSERT INTO Products (Barcodes, Name, EDate, Quantity, Price) VALUES (" + barcodes + ",'" + name + "','" + date + "'," + quantity + "," + price + ")", con); 

我建議你使用參數化查詢，以避免這樣的麻煩與級聯查詢值：

using (var cmd = new SqlCommand(@"INSERT INTO Products (Barcodes, Name, EDate, Quantity, Price) VALUES (@Barcodes, @Name, @EDate, @Quantity, @Price)", con)) 
{ 
    cmd.Parameters.Add("@Barcodes", SqlDbType.Int).Value = barcodes; 
    cmd.Parameters.Add("@Name", SqlDbType.VarChar).Value = name; 
    cmd.Parameters.Add("@EDate", SqlDbType.DateTime).Value = date; 
    cmd.Parameters.Add("@Quantity", SqlDbType.Int).Value = quantity; 
    cmd.Parameters.Add("@Price", SqlDbType.Int).Value = price; 
    cmd.ExecuteNonQuery(); 
} 

Answer 2

在輸入值中必須有一些東西使SQL無效。使用參數化查詢下面給出：

private void btnAdd_Click(object sender, EventArgs e) 
     { 
      int quantity; 
      int price; 
      int barcodes; 
      string name; 
      DateTime date; 

      name = tbxName.Text; 
      date = Convert.ToDateTime(tbxDate.Text); 
      barcodes = Convert.ToInt32(tbxBarcode.Text); 
      quantity = Convert.ToInt32(tbxQuantity.Text); 
      price = Convert.ToInt32(tbxPrice.Text); 
      con = new SqlConnection("Data Source = (LocalDB)\\MSSQLLocalDB;  AttachDbFilename = \"C:\\Users\\hannes.corbett\\Desktop\\Barcode  Scanning\\Barcode Scanning\\BarcodeDB.mdf\"; Integrated Security = True"); 
      con.Open(); 
     cmd = new SqlCommand("INSERT INTO Products (Barcodes, Name, EDate, Quantity, Price) VALUES (@barcodes,@name,@date,@quantity,@price)", con); 
      cmd.Parameters.AddWithValue("@barcodes",barcodes); 
      cmd.Parameters.AddWithValue("@name", names); 
      cmd.Parameters.AddWithValue("@date", date); 
      cmd.Parameters.AddWithValue("@quantity",quantity); 
      cmd.Parameters.AddWithValue("@price",price); 
      cmd.ExecuteNonQuery(); 
      con.Close(); 

      tbxBarcode.Text = String.Empty; 
      tbxName.Text = String.Empty; 
      tbxDate.Text = String.Empty; 
      tbxQuantity.Text = String.Empty; 
      tbxPrice.Text = String.Empty; 
     }