在VB.NET

-3

MySQL的語法錯誤這裏是我的button_click的代碼：在VB.NET

Private Sub Button10_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button10.Click 
    Dim conn As New MySqlConnection 
    Dim cmd As New MySqlCommand 
    Dim dr As MySqlDataReader 

    conn.ConnectionString = "server = localhost; user id = root; database = db; password = root" 
    cmd.Connection = conn 
    conn.Open() 
    cmd.CommandText = " SELECT * FROM candidate WHERE idn = '" & TextBox4.Text & "'" 
    dr = cmd.ExecuteReader 

    If dr.HasRows Then 
     MessageBox.Show("Entry I.D. No. already exist", "Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation) 
    ElseIf TextBox4.Text = "" Or TextBox5.Text = "" Or TextBox6.Text = "" Or TextBox7.Text = "" Or ComboBox1.Text = "" Or TextBox3.Text = "" Then 
     MessageBox.Show("Please complete the required fields..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation) 
    Else 
     conn.Close() 
     con.ConnectionString = "server = localhost; user id = root; database = db; password = root" 
     cmd.Connection = con 
     con.Open() 
     Dim sqlQuery As String = "INSERT INTO candidate(idn,cfname,cmname,clname,cyr,sec,vyear,votes,pword) VALUES('" & TextBox4.Text & "','" & TextBox5.Text & "','" & TextBox6.Text & "','" & TextBox7.Text & "','" & ComboBox1.Text & "','" & TextBox3.Text & "',CONCAT(YEAR(NOW()),'-',(YEAR(NOW()) + 1),'0','" & TextBox2.Text & "')" 
     Dim sqlCommand As New MySqlCommand 

     With sqlCommand 
      .CommandText = sqlQuery 
      .Connection = con 
      .ExecuteNonQuery() 
     End With 
     MsgBox("Record Inserted") 
    End If 
End Sub

有什麼錯我的INSERT查詢？我似乎在這裏找不到任何錯誤，但VB.NET說它在第1行有"錯誤？

"INSERT INTO candidate(vyear) VALUES(CONCAT(YEAR(NOW()),'-',(YEAR(NOW()) + 1))"

來源

2014-10-19 Sky Scraper

很難說沒有實際的分配/執行代碼。 – CodingIntrigue 2014-10-19 08:14:06

我計數8'（'和7'）'所以你明顯錯過了'）'。 – 2014-10-19 08:17:47

有第二年之前不平衡的開括號。需要將其刪除

"INSERT INTO candidate(vyear) VALUES(CONCAT(YEAR(NOW()),'-',YEAR(NOW()) + 1))"

看着更新的代碼，你真的需要開始使用參數化查詢

Using con = new MySqlConnection(......) 
Using cmd = con.CreateCommand() 
    con.Open() 
    Dim sqlQuery As String = "INSERT INTO candidate " & _ 
     "(idn,cfname,cmname,clname,cyr,sec,vyear,votes,pword) VALUES(" & _ 
     "@idn, @cfname, @cmname, @clname, @cyr, @sec, " & _ 
     "CONCAT(YEAR(NOW()),'-',YEAR(NOW()) + 1), " & _ 
     "@votes, @pword" 
    With cmd 
     .CommandText = sqlQuery 
     ' is idn an integer field, then pass it as integer. 
     ' instead if it is an autoincrement then remove it and let the db calculate for you 
     .Parameters.AddWithValue("@idn", Convert.ToInt32(TextBox4.Text)) 
     .Parameters.AddWithValue("@cfname, TextBox5.Text) 

     .... and so on for every placeholder in the parameterized text above 

     .ExecuteNonQuery() 
    End With 
    MsgBox("Record Inserted") 
End Using 
End Using

來源

2014-10-19 08:18:18 Steve

sir Steve只是一件事，我應該在這行'CreateCommand（）'中放置什麼'Using cmd = con.CreateCommand（）'？只是試圖學習參數化查詢。 – 2014-10-19 14:18:57

什麼都沒有。該方法預計沒有價值。連接創建命令並自動將其自身設置爲命令，其他屬性的命令文本將在with body中設置。該調用生成一個MySqlCommand的實例，只設置連接，然後在Parameters集合中爲參數文本中的每個參數佔位符「@xxxxx」添加一個參數 – Steve 2014-10-19 14:22:13

我明白了，謝謝.. – 2014-10-19 14:26:01

回答

相關問題