这是我的代码
namespace SDD_Single_Project___Michael
{
public partial class NewUser : Form
{
private OleDbConnection connection = new OleDbConnection();
public NewUser()
{
InitializeComponent();
connection.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=G:\schoolwork\Year 11\SDD\3 SINGLE TASK\SDD Single Project - Michael \SDD Single Project - Michael \bin\Persondata.accdb;
Persist Security Info=False;";
}
private void btnBack_Click(object sender, EventArgs e)
{
this.Hide(); //hides this page
MainScreen frm = new MainScreen(); //finds the next screen (the main game)
frm.Show(); //shows it
}
private void btnSubmit_Click(object sender, EventArgs e)
{
try {
connection.Open(); // opens the connection
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "insert into Persondata where ( FirstName,LastName,Address,Suburb,Email,Mobile) values ( '" + txtFirst.Text + "' , '" + txtLast.Text + "' , '" + txtAddress.Text + "' , '" + txtSuburb.Text + "' , '" + txtEmail.Text + "' , '" + txtMobile.Text + "' ) ";
// finds where its going to, finds the columns it is going to fill, finds the text boxes that is going to fill them
command.ExecuteNonQuery(); // error occurs here!!!
MessageBox.Show("Data Saved");
connection.Close(); // closes the connection
}
catch (Exception ex)
{
MessageBox.Show("Error " + ex);
} //if there is a error message box will appear informing it
}
}
}
错误发生在command.ExecuteNonQuery();,我无法解决的问题,一旦我将所有信息填入文本框并按下提交按钮,就会发生错误。
错误表示
中INSERT INTO语句中的语法错误
System.Data.Ole.DbCommand.ExecuteNonQuery();
请帮忙!这是一个任务!我一直在努力解决它。所有帮助表示赞赏。
答案 0 :(得分:4)
INSERT syntax中没有WHERE部分。你应该从你的sql中删除它。
INSERT
{
[ TOP ( expression ) [ PERCENT ] ]
[ INTO ]
{ <object> | rowset_function_limited
[ WITH ( <Table_Hint_Limited> [ ...n ] ) ]
}
{
[ ( column_list ) ]
[ <OUTPUT Clause> ]
{ VALUES ( { DEFAULT | NULL | expression } [ ,...n ] ) [ ,...n ]
| derived_table
| execute_statement
| <dml_table_source>
| DEFAULT VALUES
}
}
}
OleDbCommand不支持命名参数。
来自OleDbCommand.Parameters property
OLE DB .NET提供程序不支持传递的命名参数 SQL语句或由a调用的存储过程的参数 CommandType设置为Text时的OleDbCommand。在这种情况下, 必须使用问号(?)占位符。例如:
SELECT * FROM Customers WHERE CustomerID =?
因此,将OleDbParameter对象添加到的顺序 OleDbParameterCollection必须直接对应于的位置 命令文本中参数的问号占位符。
如果集合中的参数与要求不匹配 要执行的查询,可能会导致错误。
但更重要的是,您应该始终使用parameterized queries。这种字符串连接对SQL Injection攻击开放。
command.CommandText = @"insert into Persondata(FirstName,LastName,Address,Suburb,Email,Mobile)
values (?, ?, ?, ?, ?, ?)";
然后使用SqlParameterCollection.Add method
还可以使用using statement来处置数据库连接。
using(OleDbConnection connection = new OleDbConnection(connString))
using(OleDbCommand command = connection.CreateCommand())
{
command.CommandText = @"insert into Persondata(FirstName,LastName,Address,Suburb,Email,Mobile)
values (?, ?, ?, ?, ?, ?)";
//Add your parameter values with right order.
connection.Open();
command.ExecuteNonQuery();
}
答案 1 :(得分:1)
您不应在WHERE声明
INSERT
command.CommandText = "insert into Persondata ( FirstName,LastName,Address,Suburb,Email,Mobile) values ( @param1,@param2,@param3,@param4,@param5,@param6) ";
command.Parameters.AddWithValue("@param1", txtFirst.Text);
command.Parameters.AddWithValue("@param2",txtLast.Text);
....
...
command.Parameters.AddWithValue("@param6",txtMobile.Text);
答案 2 :(得分:1)
应用程序中的SQL语句不正确。插入SQL子句不允许使用where。这是MSDN的摘录,具有INSERT INTO子句的结构。
[ WITH <common_table_expression> [ ,...n ] ] INSERT {
[ TOP ( expression ) [ PERCENT ] ]
[ INTO ]
{ <object> | rowset_function_limited
[ WITH ( <Table_Hint_Limited> [ ...n ] ) ]
}
{
[ ( column_list ) ]
[ <OUTPUT Clause> ]
{ VALUES ( { DEFAULT | NULL | expression } [ ,...n ] ) [ ,...n ]
| derived_table
| execute_statement
| <dml_table_source>
| DEFAULT VALUES
}
} } [;]
使用SQL语句的正确方法是(也取自MSDN):
INSERT INTO Production.UnitMeasure
VALUES (N'FT', N'Feet', '20080414');
如果使用SELECT INTO语句,可以使用where。
因此,要解决您的问题,您需要从SQL语句中 删除where子句 。