我输入了右dataSource,但我没有解决问题cmd.ExecuteNonQuery()
说:
INSERT INTO语句中的语法错误。
代码:
Private Sub btnadd1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnadd1.Click
Dim cmd As New OleDb.OleDbCommand
Dim Printlist1 As New DataTable
If Not con.State = ConnectionState.Open Then
con.ConnectionString = "Provider=Microsoft.Ace.OLEDB.12.0; Data Source=c:Database11.accdb"
con.Open()
cmd.Connection = con
End If
If Me.text1.Tag & "" = "" Then
cmd.CommandText = "INSERT INTO Printlist1(StickerCode, Description, Company, Department, Location, User, SerialNumber, DatePurchased, Tagable, Quantity, Brand, Model)" & _
" VALUES(" & Me.text1.Text & ",'" & Me.text2.Text & "','" & _
Me.text3.Text & "','" & Me.text4.Text & "','" & Me.text5.Text & "','" & _
Me.text6.Text & "','" & Me.text7.Text & "','" & Me.text8.Text & "','" & _
Me.text9.Text & "','" & Me.text10.Text & "','" & Me.text11.Text & "','" & _
Me.text12.Text & "')"
cmd = New OleDbCommand(cmd.CommandText, con)
cmd.ExecuteNonQuery()
Else
cmd.CommandText = "UPDATE Printlist1 " & _
" SET StickerCode='" & Me.text1.Text & _
", Description='" & Me.text2.Text & "'" & _
", Company='" & Me.text3.Text & "'" & _
", Department='" & Me.text4.Text & "'" & _
", Location='" & Me.text5.Text & "'" & _
", User='" & Me.text6.Text & "'" & _
", SerialNumber='" & Me.text7.Text & "'" & _
", DatePurchased='" & Me.text8.Text & "'" & _
", Tagable='" & Me.text9.Text & "'" & _
", Quantity='" & Me.text10.Text & "'" & _
", Brand='" & Me.text11.Text & "'" & _
", Model='" & Me.text12.Text & "'" & _
" WHERE text1=" & Me.text1.Tag
cmd.ExecuteNonQuery()
End If
RefreshData()
Me.btnclear1.PerformClick()
con.Close()
End Sub
答案 0 :(得分:6)
使用参数化查询,如下所示:
cmd.CommandText = "INSERT INTO Printlist1(StickerCode, Description, Company, Department, Location, User, SerialNumber, DatePurchased, Tagable, Quantity, Brand, Model)" & _
" VALUES(@StickerCode, @Description, @Company, @Department, @Location, @User, @SerialNumber, @DatePurchased, @Tagable, @Quantity, @Brand, @Model)"
cmd.Parameters.AddWithValue("@StickerCode", Me.Text1.Text)
cmd.Parameters.AddWithValue("@Description", Me.Text2.Text)
cmd.Parameters.AddWithValue("@Company", Me.Text3.Text)
cmd.Parameters.AddWithValue("@Department", Me.Text4.Text)
cmd.Parameters.AddWithValue("@Location", Me.Text5.Text)
cmd.Parameters.AddWithValue("@User", Me.Text6.Text)
cmd.Parameters.AddWithValue("@SerialNumber", Me.Text7.Text)
cmd.Parameters.AddWithValue("@DatePurchased", Me.Text8.Text)
cmd.Parameters.AddWithValue("@Tagable", Me.Text9.Text)
cmd.Parameters.AddWithValue("@Quantity", Me.Text10.Text)
cmd.Parameters.AddWithValue("@Brand", Me.Text11.Text)
cmd.Parameters.AddWithValue("@Model", Me.Text12.Text)
注意:最好保持参数的顺序与查询一致,因为如果订单被更改,Microsoft Access等数据库将无法正确执行查询。
答案 1 :(得分:3)
您的Me.textN.Text值中的某个值可能包含撇号,或者某个其他意外字符会破坏您的SQL引号。解决方法是使用参数化查询和/或存储过程。
顺便提一下,这也将保护您免受SQL注入攻击,这些攻击利用与客户端应用程序中的字符串组合SQL命令相同的缺点。
(注意:我假设Me.text1.Text,因为StickerCode是一个数字。否则这就是问题所在,因为你没有像对其他列一样引用它。)
答案 2 :(得分:1)
第一行缺少'
...
"SET StickerCode='" & Me.text1.Text & "'" & _
...
答案 3 :(得分:0)
您缺少围绕第一个值的单引号。尝试
" VALUES('" & Me.text1.Text & "','" & Me.text2.Text & "','" & _
Me.text3.Text & "','" & Me.text4.Text & "','" & Me.text5.Text & "','" & _
Me.text6.Text & "','" & Me.text7.Text & "','" & Me.text8.Text & "','" & _
Me.text9.Text & "','" & Me.text10.Text & "','" & Me.text11.Text & "','" & _
Me.text12.Text & "')"