我在Microsoft Access中测试了这个SQL语句,它运行得很好,但由于某些原因它在我的代码中不起作用。我已经检查了很多次,但我还没有弄清楚语法错误(尽管它在MS Access中有效)。
以下是错误消息:
未处理的类型' System.Data.OleDb.OleDbException' 发生在System.Data.dll
中附加信息:INSERT INTO语句中的语法错误。
这是我的代码:
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
'Now, when the Register button is clicked,
'We check, if the user type is User, we create a normal User in the database.
'Otherwise, we create a Wroker.
Dim fname, lname, nationality, password As String
Dim age, yearExpr, phone, saloonID, type As Integer
fname = fNameBox.Text
lname = LNameBox.Text
age = Convert.ToInt32(ageBox.Text)
phone = Convert.ToInt32(phoneBox.Text)
password = passwordBox.Text
If (userTypeCB.Text.Equals("User")) Then
type = 1
salSql = ""
salCnc.Open()
salSql = "INSERT INTO User ([Fname], [Lname], [Age], [Phone#], [Type], [Password])
VALUES (" & "'" & fname & "'" & "," & "'" & lname & "'" & "," & age & "," & phone & "," & type & "," & "'" & password & "'" & ")"
salCommand = New OleDb.OleDbCommand(salSql, salCnc)
salCommand.ExecuteNonQuery()
salCnc.Close()
ElseIf (userTypeCB.Text.Equals("Worker")) Then
yearExpr = exprBox.Text
saloonID = saloonBox.Text
nationality = NationBox.Text
End If
End Sub
现在,编译器指向salCommand.ExecuteNonQuery()作为错误源。知道问题是什么吗?
答案 0 :(得分:4)
归功于@LarsTech
用户是关键字。你必须把它放在括号中。即:
INSERT INTO [User]...
另外,使用参数化命令来避免SQL注入,这也可能是导致此语法错误的原因。
'''code removed for brevity
salSql = "INSERT INTO [User] ([Fname],[Lname],[Age],[Phone#],[Type],[Password]) VALUES (?,?,?,?,?,?)"
salCommand = New OleDb.OleDbCommand(salSql, salCnc)
salCommand.Parameters.Add("@fname", fname)
salCommand.Parameters.Add("@lname", lname)
salCommand.Parameters.Add("@age", age)
salCommand.Parameters.Add("@phone", phone)
salCommand.Parameters.Add("@type", type)
salCommand.Parameters.Add("@password", password)
salCommand.ExecuteNonQuery()
'''code removed for brevity