我正在处理需要将数据从Excel工作表导入mysql数据库表的应用程序的一部分。代码工作正常,直到它到达excel表中的记录,其中一个字符串值被分配“ABCDE All'John D Doe 999 West Lame Blvd Cullman,AL 35055”。我不确定,但我相信它必须与那里出现的“'”完全一致。哪个不能更改,excelsheet中的其他记录也可以包含“'”......当它到达此记录时会抛出此错误: 您的SQL语法有错误;查看与您的MySQL服务器版本对应的手册,以便在“John D Doe”,“ABCDE”,“All'John”,“D”,“Doe”,“256-555-5555”附近使用正确的语法。 ','256-555-5555'在第1行
我遇到这个问题的代码如下:
Private Function PerFormUpdate(ByVal customer As String, ByVal bill_to As String, ByVal Contact As String, ByVal Company As String, ByVal firstName As String, ByVal mi As String, ByVal lastname As String, ByVal phone As String, ByVal altPhone As String, ByVal fax As String)
Dim _db As New schoolEntities
Dim command As MySqlCommand = _dbconn.CreateCommand()
command.CommandText = "SELECT * FROM quickbooks_imports WHERE Customer= "" & _customer& "" & Bill_to= "" & _bill_to& "" & Contact= "" & _Company& ""& First_Name= "" & _firstName& "" & M_I= "" & _mi& "" & Last_Name= "" & _lastname& "" & Phone= "" & _phone& "" & Alt_Phone= "" & _altPhone& "" & Fax= "" & _Fax& """
_dbconn.Open()
Dim _mysqlReader As MySqlDataReader = command.ExecuteReader()
_dbconn.Close()
If Not _mysqlReader.HasRows Then
Dim _UpdateItem As New quickbooks_imports
Dim updateCommand As MySqlCommand = _dbconn.CreateCommand()
_UpdateItem.Customer = customer
_UpdateItem.Bill_to = bill_to
_UpdateItem.Contact = Contact
_UpdateItem.Company = Company
_UpdateItem.First_Name = firstName
_UpdateItem.M_I = mi
_UpdateItem.Last_Name = lastname
_UpdateItem.Phone = phone
_UpdateItem.Alt_Phone = altPhone
_UpdateItem.Fax = fax
updateCommand.CommandText = "INSERT INTO quickbooks_imports(Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES ('" & _UpdateItem.Customer & "','" & _UpdateItem.Bill_to & "','" & _UpdateItem.Contact & "','" & _UpdateItem.Company & "','" & _UpdateItem.First_Name & "','" & _UpdateItem.M_I & "','" & _UpdateItem.Last_Name & "','" & _UpdateItem.Phone & "','" & _UpdateItem.Alt_Phone & "','" & _UpdateItem.Fax & "') "
_dbconn.Open()
updateCommand.ExecuteNonQuery()
_db.SaveChanges()
错误显示在ExecuteNonQuery上以执行更新..
非常感谢任何帮助......
根据您的回复,我切换到params,这是新代码:
updateCommand.CommandText = "INSERT INTO quickbooks_imports (Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ? )"
updateCommand.Parameters.AddWithValue("Customer", _UpdateItem.Customer)
updateCommand.Parameters.AddWithValue("Bill_to", _UpdateItem.Bill_to)
updateCommand.Parameters.AddWithValue("Contact", _UpdateItem.Contact)
updateCommand.Parameters.AddWithValue("Company", _UpdateItem.Company)
updateCommand.Parameters.AddWithValue("First_Name", _UpdateItem.First_Name)
updateCommand.Parameters.AddWithValue("M_I", _UpdateItem.M_I)
updateCommand.Parameters.AddWithValue("Last_Name", _UpdateItem.Last_Name)
updateCommand.Parameters.AddWithValue("Phone", _UpdateItem.Phone)
updateCommand.Parameters.AddWithValue("Alt_Phone", _UpdateItem.Alt_Phone)
updateCommand.Parameters.AddWithValue("Fax", _UpdateItem.Fax)
现在如何抛出一个致命的例外......
我刚刚尝试使用您在回复中提到的名称参数,代码如下:
Private Function PerFormUpdate(ByVal customer As String, ByVal bill_to As String, ByVal Contact As String, ByVal Company As String, ByVal firstName As String, ByVal mi As String, ByVal lastname As String, ByVal phone As String, ByVal altPhone As String, ByVal fax As String)
Dim _db As New schoolEntities
Dim command As MySqlCommand = _dbconn.CreateCommand()
command.CommandText = "SELECT * FROM quickbooks_imports WHERE Customer= "" & _customer& "" & Bill_to= "" & _bill_to& "" & Contact= "" & _Company& ""& First_Name= "" & _firstName& "" & M_I= "" & _mi& "" & Last_Name= "" & _lastname& "" & Phone= "" & _phone& "" & Alt_Phone= "" & _altPhone& "" & Fax= "" & _Fax& """
_dbconn.Open()
Dim _mysqlReader As MySqlDataReader = command.ExecuteReader()
_dbconn.Close()
If Not _mysqlReader.HasRows Then
Dim _UpdateItem As New quickbooks_imports
Dim updateCommand As MySqlCommand = _dbconn.CreateCommand()
_UpdateItem.Customer = customer
_UpdateItem.Bill_to = bill_to
_UpdateItem.Contact = Contact
_UpdateItem.Company = Company
_UpdateItem.First_Name = firstName
_UpdateItem.M_I = mi
_UpdateItem.Last_Name = lastname
_UpdateItem.Phone = phone
_UpdateItem.Alt_Phone = altPhone
_UpdateItem.Fax = fax
updateCommand.CommandText = "INSERT INTO quickbooks_imports (Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
updateCommand.Parameters.AddWithValue("@Customer", _UpdateItem.Customer)
updateCommand.Parameters.AddWithValue("@Bill_to", _UpdateItem.Bill_to)
updateCommand.Parameters.AddWithValue("@Contact", _UpdateItem.Contact)
updateCommand.Parameters.AddWithValue("@Company", _UpdateItem.Company)
updateCommand.Parameters.AddWithValue("@First_Name", _UpdateItem.First_Name)
updateCommand.Parameters.AddWithValue("@M_I", _UpdateItem.M_I)
updateCommand.Parameters.AddWithValue("@Last_Name", _UpdateItem.Last_Name)
updateCommand.Parameters.AddWithValue("@Phone", _UpdateItem.Phone)
updateCommand.Parameters.AddWithValue("@Alt_Phone", _UpdateItem.Alt_Phone)
updateCommand.Parameters.AddWithValue("@Fax", _UpdateItem.Fax)
'updateCommand.CommandText = "INSERT INTO EXCEL (id,Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES ('" & _UpdateItem.id & "','" & _UpdateItem.Customer & "','" & _UpdateItem.Bill_to & "','" & _UpdateItem.Contact & "','" & _UpdateItem.Company & "','" & _UpdateItem.First_Name & "','" & _UpdateItem.M_I & "','" & _UpdateItem.Last_Name & "','" & _UpdateItem.Phone & "','" & _UpdateItem.Alt_Phone & "','" & _UpdateItem.Fax & "') ON DUPLICATE KEY UPDATE Customer= '" & _UpdateItem.Customer & "' Bill_to= '" & _UpdateItem.Bill_to & "' Contact= '" & _UpdateItem.Contact & "' Company= '" & _UpdateItem.Company & "' First_Name= '" & _UpdateItem.First_Name & "' M_I= '" & _UpdateItem.M_I & "' Last_Name= '" & _UpdateItem.Last_Name & "' Phone= '" & _UpdateItem.Phone & "' Alt_Phone= '" & _UpdateItem.Alt_Phone & "' Fax= '" & _UpdateItem.Fax & "'"
'updateCommand.CommandText = "INSERT INTO quickbooks_imports (Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES ('" & _UpdateItem.Customer & "','" & _UpdateItem.Bill_to & "','" & _UpdateItem.Contact & "','" & _UpdateItem.Company & "','" & _UpdateItem.First_Name & "','" & _UpdateItem.M_I & "','" & _UpdateItem.Last_Name & "','" & _UpdateItem.Phone & "','" & _UpdateItem.Alt_Phone & "','" & _UpdateItem.Fax & "') "
_dbconn.Open()
updateCommand.ExecuteNonQuery()
_db.SaveChanges()
我仍然在updateCommand.ExecuteNonQuery()
上得到致命的异常命令执行期间遇到致命错误。
InnerException消息:“参数'?'必须定义。“
答案 0 :(得分:0)
您需要使用parameters来正确转义字符串以便执行数据库。
请参阅此链接。 http://www.devart.com/dotconnect/mysql/docs/Parameters.html
修改:请尝试使用命名参数:
updateCommand.CommandText = "INSERT INTO quickbooks_imports (Customer,Bill_to,Contact,Company,First_Name,M_I,Last_Name,Phone,Alt_Phone,Fax) VALUES ("@Customer", "@Bill_to", "@Contact", "@Company", "@First_Name", "@M_I", "@Last_Name", "@Phone", "@Alt_Phone", "@Fax")"
updateCommand.Parameters.AddWithValue("@Customer", _UpdateItem.Customer)
updateCommand.Parameters.AddWithValue("@Bill_to", _UpdateItem.Bill_to)
updateCommand.Parameters.AddWithValue("@Contact", _UpdateItem.Contact)
updateCommand.Parameters.AddWithValue("@Company", _UpdateItem.Company)
updateCommand.Parameters.AddWithValue("@First_Name", _UpdateItem.First_Name)
updateCommand.Parameters.AddWithValue("@M_I", _UpdateItem.M_I)
updateCommand.Parameters.AddWithValue("@Last_Name", _UpdateItem.Last_Name)
updateCommand.Parameters.AddWithValue("@Phone", _UpdateItem.Phone)
updateCommand.Parameters.AddWithValue("@Alt_Phone", _UpdateItem.Alt_Phone)
updateCommand.Parameters.AddWithValue("@Fax", _UpdateItem.Fax)