Insert query complaining about syntax?

Time: 2013-05-16 07:43:26

Tags: c# sql-insert

I am trying to insert a record from a C# form into an Access 2007 database, but I get this error -

    Error: Syntax error in INSERT INTO statement.   A first chance exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll

But I can't see anything wrong with my code -

    try
    {
        string sday = "Sun";
        s1 = comboBox180.SelectedItem.ToString();
        t1 = comboBox10.SelectedItem.ToString();
        d1 = comboBox17.SelectedItem.ToString();
        string bla = "XYZ";
        // The SQL text is built by string concatenation (see the answers below for why this is a problem)
        aCommand5 = new OleDbCommand("INSERT INTO weekly(batch_code,day,period_no,teacher1,time1,teacher2,time2,teacher3,time3,teacher4,time4,teacher5,time5,teacher6,time6,teacher7,time7,teacher8,time8,teacher9,time9,teacher10,time10,teacher11,time11,teacher12,time12) VALUES ('" + code + "','" + sday + "','" + no_of_period + "','" + t1 + "','" + d1 + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "','" + bla + "')", main_connection);
        int check = aCommand5.ExecuteNonQuery();
        if (check == 1)
        {
            MessageBox.Show("Data Saved");
        }
    }
    catch (OleDbException oldex)
    {
        Console.WriteLine("Error: {0}", oldex.Errors[0].Message);
    }

t1 and d1 are both string variables.

2 Answers:

Answer 0 (score: 1)

First, you should always use parameterized queries. This kind of code is open to SQL Injection attacks.

Second, DAY is a reserved keyword in MS Access 2007. You should use square brackets, e.g. [day];

    // The column list and the VALUES clause are split across two string literals and joined with +,
    // because a normal C# string literal cannot span a line break.
    aCommand5 = new OleDbCommand("INSERT INTO weekly(batch_code, [day], period_no, teacher1, time1, teacher2, time2, teacher3, time3, teacher4, time4, teacher5, time5, teacher6, time6, teacher7, time7, teacher8, time8, teacher9, time9, teacher10, time10, teacher11, time11, teacher12, time12) " +
                                 "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
                                 main_connection);

    // OleDb parameters are positional: the names are ignored and the values are bound in the order they are added.
    aCommand5.Parameters.AddWithValue("@p1", code);
    aCommand5.Parameters.AddWithValue("@p2", sday);
    aCommand5.Parameters.AddWithValue("@p3", no_of_period);
    aCommand5.Parameters.AddWithValue("@p4", t1);
    aCommand5.Parameters.AddWithValue("@p5", d1);
    aCommand5.Parameters.AddWithValue("@p6", bla);
    aCommand5.Parameters.AddWithValue("@p7", bla);
    aCommand5.Parameters.AddWithValue("@p8", bla);
    aCommand5.Parameters.AddWithValue("@p9", bla);
    aCommand5.Parameters.AddWithValue("@p10", bla);
    aCommand5.Parameters.AddWithValue("@p11", bla);
    aCommand5.Parameters.AddWithValue("@p12", bla);
    aCommand5.Parameters.AddWithValue("@p13", bla);
    aCommand5.Parameters.AddWithValue("@p14", bla);
    aCommand5.Parameters.AddWithValue("@p15", bla);
    aCommand5.Parameters.AddWithValue("@p16", bla);
    aCommand5.Parameters.AddWithValue("@p17", bla);
    aCommand5.Parameters.AddWithValue("@p18", bla);
    aCommand5.Parameters.AddWithValue("@p19", bla);
    aCommand5.Parameters.AddWithValue("@p20", bla);
    aCommand5.Parameters.AddWithValue("@p21", bla);
    aCommand5.Parameters.AddWithValue("@p22", bla);
    aCommand5.Parameters.AddWithValue("@p23", bla);
    aCommand5.Parameters.AddWithValue("@p24", bla);
    aCommand5.Parameters.AddWithValue("@p25", bla);
    aCommand5.Parameters.AddWithValue("@p26", bla);
    aCommand5.Parameters.AddWithValue("@p27", bla);

    aCommand5.ExecuteNonQuery();

Answer 1 (score: 0)

The source of the syntax error is the word DAY. It is a reserved keyword in MS Access 2007, so you need to enclose it in square brackets

    aCommand5 = new OleDbCommand("INSERT INTO weekly(batch_code,[day],.....")

However, allow me to say that this is the worst case of string concatenation I have ever seen. Do not use string concatenation to build SQL queries, ALWAYS use parameterized queries.

Here is an example of building the SQL statement with a parameterized query

    // [day] is bracketed because it is a reserved word; each ? is a positional OleDb parameter
    aCommand5 = new OleDbCommand("INSERT INTO weekly (batch_code,[day],period_no,teacher1,time1," +
                                 "teacher2,time2,teacher3,time3,teacher4,time4, " +
                                 "teacher5,time5,teacher6,time6,teacher7,time7,teacher8,time8," +
                                 "teacher9,time9,teacher10,time10,teacher11,time11,teacher12,time12) " +
                                 "VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)",
                                 main_connection);

    aCommand5.Parameters.AddWithValue("@p1", code);
    aCommand5.Parameters.AddWithValue("@p2", sday);
    // .... and so on for the other 25 parameters
    // .....
    aCommand5.ExecuteNonQuery();

This way you let the framework code parse the values correctly, avoiding syntax errors caused by single quotes, decimal points, date formats and so on. But you also avoid the Sql Injection problem.

Pay attention to the correct database type of the fields. If you have numeric or datetime fields, remember to call the appropriate Convert.ToXXXX on the value you pass to the database with AddWithValue.
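A more general version of the parameterized insert that both answers recommend, written here as an added example (it is not code from the question or from either answer): it brackets every column name so reserved words such as `day` cannot break the parse, binds one positional OleDb parameter per column with an explicit OleDbType instead of relying on AddWithValue's guess, and passes a value containing an apostrophe through unharmed. The table name `weekly` and the column names come from the question; the helper names, the sample row and the connection string are assumptions (the connection string is a placeholder).

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;
using System.Linq;
static class WeeklyInsert
{
    // Placeholder connection string: point Data Source at your own .accdb file.
    const string ConnString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=PLACEHOLDER.accdb";
    // Bracket an identifier so a reserved word such as "day" is read as a column
    // name. Column names come from our own code here, never from user input.
    static string Quote(string identifier) => "[" + identifier.Replace("]", "]]") + "]";
    // Builds "INSERT INTO [weekly] ([batch_code], [day], ...) VALUES (?, ?, ...)" with one
    // positional OleDb parameter per column; OleDb binds them in the order they were added.
    public static OleDbCommand Build(OleDbConnection conn, IList<(string Col, object Val)> row)
    {
        string colList = string.Join(", ", row.Select(c => Quote(c.Col)));
        string marks = string.Join(", ", row.Select(_ => "?"));
        var cmd = new OleDbCommand(
            "INSERT INTO [weekly] (" + colList + ") VALUES (" + marks + ")", conn);
        foreach (var c in row)
        {
            // Pick the OleDbType from the CLR type so the driver, not string
            // formatting, deals with quotes, decimal points and dates.
            OleDbType t = c.Val is int ? OleDbType.Integer
                        : c.Val is DateTime ? OleDbType.Date
                        : OleDbType.VarWChar;
            cmd.Parameters.Add("@" + c.Col, t).Value = c.Val ?? DBNull.Value;
        }
        return cmd;
    }
    static void Main()
    {
        // Constructed sample row. "O'Brien" would have broken the concatenated
        // query from the question; as a parameter it is just a value.
        var row = new List<(string, object)>
        {
            ("batch_code", "B12"), ("day", "Sun"), ("period_no", 3),
            ("teacher1", "O'Brien"), ("time1", "09:00")
        };
        using (var conn = new OleDbConnection(ConnString))
        using (OleDbCommand cmd = Build(conn, row))
        {
            conn.Open();
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine(cmd.ExecuteNonQuery() + " row inserted");
        }
    }
}
```

The printed CommandText shows only bracketed identifiers and `?` markers, which is a quick way to confirm that no user-supplied value ever reaches the SQL text.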