我在员工需要更新的数据库中有一个CRM表。我使用了一个Windows窗体并使用SQL连接来链接它们,但是我一直收到一个错误,即关键字附近的sytanx不正确' In'而且我真的不明白为什么。
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;
namespace WindowsFormsApplication1
{
public partial class Form1 : MetroFramework.Forms.MetroForm
{
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
// TODO: This line of code loads data into the 'traficoDataSet.Inteserado_En' table. You can move, or remove it, as needed.
this.inteserado_EnTableAdapter.Fill(this.traficoDataSet.Inteserado_En);
// TODO: This line of code loads data into the 'traficoDataSet.Contacto' table. You can move, or remove it, as needed.
this.contactoTableAdapter.Fill(this.traficoDataSet.Contacto);
// TODO: This line of code loads data into the 'traficoDataSet.Tipo' table. You can move, or remove it, as needed.
this.tipoTableAdapter.Fill(this.traficoDataSet.Tipo);
// TODO: This line of code loads data into the 'agora_UsuariosDataSet.Usuarios' table. You can move, or remove it, as needed.
this.usuariosTableAdapter.Fill(this.agora_UsuariosDataSet.Usuarios);
// TODO: This line of code loads data into the 'traficoDataSet.Como' table. You can move, or remove it, as needed.
this.comoTableAdapter.Fill(this.traficoDataSet.Como);
// TODO: This line of code loads data into the 'traficoDataSet.Trafico' table. You can move, or remove it, as needed.
this.traficoTableAdapter.Fill(this.traficoDataSet.Trafico);
}
private void button1_Click(object sender, EventArgs e)
{
SqlConnection cn = new SqlConnection(global::WindowsFormsApplication1.Properties.Settings.Default.TraficoConnectionString);
try
{
string sql = "INSERT INTO Trafico ('Nombre', 'Apedillo', 'Correo', 'Teléfono', 'Como', 'Comercial', 'Tipo', 'Contacto','Inteserado En') Values(" + nombreTextBox.Text + "," + apedilloTextBox.Text + "," + correoTextBox.Text + "," + teléfonoTextBox.Text + "," + comoComboBox.Text + "," + comercialComboBox.Text + "," + tipoComboBox.Text + "," + contactoComboBox.Text + ","+inteserado_EnComboBox.Text+"";
SqlCommand exeSql = new SqlCommand(sql, cn);
cn.Open();
exeSql.ExecuteNonQuery();
this.traficoTableAdapter.Fill(this.traficoDataSet.Trafico);
}
catch(Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
}
答案 0 :(得分:0)
尝试将字符串sql更改为:
string sql = "INSERT INTO Trafico (Nombre, Apedillo, Correo, Teléfono, Como, Comercial, Tipo, Contacto,Inteserado En) Values('" + nombreTextBox.Text + "','" + apedilloTextBox.Text + "','" + correoTextBox.Text + "','" + teléfonoTextBox.Text + "','" + comoComboBox.Text + "','" + comercialComboBox.Text + "','" + tipoComboBox.Text + "','" + contactoComboBox.Text + "','" + inteserado_EnComboBox.Text + "')";
您忘记放置右括号,也为列值添加“\ n”字符。您还应该验证所有列都是字符串。如果有一些数字,您可以省略值之间的“'”字符。
答案 1 :(得分:0)
我认为问题是您需要将值包装为单引号中的字符串,如此
string sql = "INSERT INTO Trafico ('Nombre', 'Apedillo', 'Correo', 'Teléfono', 'Como', 'Comercial', 'Tipo', 'Contacto','Inteserado En') Values('" + nombreTextBox.Text + "','" + apedilloTextBox.Text + "','" + correoTextBox.Text + "','" + teléfonoTextBox.Text + "','" + comoComboBox.Text + "','" + comercialComboBox.Text + "''," + tipoComboBox.Text + "','" + contactoComboBox.Text + "','" + inteserado_EnComboBox.Text +"')";
如上所述,使用参数来避免sql注入。它还可以在添加多行时更轻松地修改查询。您可以使用相同的查询字符串,只需交换值。你可以使用像这样的参数
string sql = "INSERT INTO Trafico ('Nombre', 'Apedillo', 'Correo', 'Teléfono', 'Como', 'Comercial', 'Tipo', 'Contacto','Inteserado En') Values(@Nobre, @Apedillo, @ Correo, @Telephono, @Como, @Comercial, @Tipo, @Contacto, @Inteserado_En)";
exeSql.Parameters.Add("@Nobre", SqlDataType.Varchar).Value = nombreTextBox.Text;
exeSql.Parameters.Add("@Apedillo", SqlDataType.Varchar).Value = apedilloTextBox.Text
//and so on
您不再需要在变量周围添加单引号,因为您在参数中定义了数据类型。 sqlcommand会知道将它视为字符串,因为它是以这种方式定义的。我还注意到列名称中的空格" Inteserado En"。确保这是正确的。通常,您不应为列名添加空格。但它可以做到