Error with MySQL and VB.NET

Time: 2014-03-05 20:46:23

Tags: mysql vb.net

This is my code; I have been having a problem with it for 2 hours now.

Dim Query As String


 con.Open()
Query = "INSERT INTO  `" & finalTableName & "` VALUES" & _
        "(" & _
        " '" & varDateTime & "'," & _
        " '" & varComputer & "'," & _
        " '" & vard & "'," & _
        " '" & varll & "' ," & _
        " '" & varPp & "'," & _
        " '" & varVv & "' ," & _
        " '" & varIi & "' ," & _
        " '" & varIc & "'," & _
        " '" & varPc & "'," & _
        " '" & varSs & "'," & _
        " '" & varRd & "'," & _
        " '" & varIpd & "'," & _
        " '" & varMg & "'," & _
        " '', " & _
        "  '" & varRuleId & "', " & _
        " '" & varDateUploaded & "' " & _
        ")"

Dim cmd As MySqlCommand = New MySqlCommand(Query, con)

If (cmd.ExecuteNonQuery()) Then


End If

con.Close()

This is the problem I have:
You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near 'dd', 'Deleted',
'344', '',   '4',  '2014-03-05 15:29:37' )' at line 1

2 answers:

Answer 0: (score: 1)

Use command parameters

Dim Query As String

Query = "INSERT INTO `" & finalTableName & _
    "` VALUES(@1, @2, @3, @4, @5, @6, @7, @8, @9, @10, @11, @12, @13, '', @14, @15)"

Dim cmd As MySqlCommand = New MySqlCommand(Query, con)

' Bind each value as a parameter instead of concatenating it into the SQL text
cmd.Parameters.AddWithValue("@1", varDateTime)
cmd.Parameters.AddWithValue("@2", varComputer)
cmd.Parameters.AddWithValue("@3", vard)
cmd.Parameters.AddWithValue("@4", varll)
cmd.Parameters.AddWithValue("@5", varPp)
cmd.Parameters.AddWithValue("@6", varVv)
cmd.Parameters.AddWithValue("@7", varIi)
cmd.Parameters.AddWithValue("@8", varIc)
cmd.Parameters.AddWithValue("@9", varPc)
cmd.Parameters.AddWithValue("@10", varSs)
cmd.Parameters.AddWithValue("@11", varRd)
cmd.Parameters.AddWithValue("@12", varIpd)
cmd.Parameters.AddWithValue("@13", varMg)
cmd.Parameters.AddWithValue("@14", varRuleId)
cmd.Parameters.AddWithValue("@15", varDateUploaded)

con.Open()
If cmd.ExecuteNonQuery() = 1 Then


End If
con.Close()

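The parameters will automatically be added in the correct way for the corresponding column type (text as text, numbers as numbers, dates as dates).

Also, I would recommend adding the column names part. This makes the command safer. If columns are later added or removed and the column order changes, it will still work, or at least throw an exception instead of silently inserting values into the wrong columns.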

INSERT INTO table (col1, col2, col3) VALUES (val1, val2, val3)
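
Bound parameters cover the values, but `finalTableName` is still concatenated into the statement, because identifiers cannot be bound as parameters. The following is an added example, not part of the original answers: it checks the table and column names against allow-lists, then builds the INSERT with named columns and bound values. The table names, column names and connection string are hypothetical, since the page does not show the schema.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Linq
Imports MySql.Data.MySqlClient

Module SafeInsert
    ' Hypothetical allow-list: the only tables finalTableName may refer to.
    Private ReadOnly AllowedTables As New HashSet(Of String)(StringComparer.Ordinal) From {"log_2014_03", "log_2014_04"}
    ' Hypothetical column names; the real schema is not shown on the page.
    Private ReadOnly AllowedColumns As New HashSet(Of String)(StringComparer.Ordinal) From {"event_time", "computer", "rule_id", "date_uploaded"}

    ' Builds INSERT INTO `t` (`a`, `b`) VALUES (@p0, @p1) from vetted identifiers only.
    Public Function BuildInsert(tableName As String, columns As IList(Of String)) As String
        If Not AllowedTables.Contains(tableName) Then
            Throw New ArgumentException("Table not allowed: " & tableName)
        End If
        For Each col In columns
            If Not AllowedColumns.Contains(col) Then Throw New ArgumentException("Column not allowed: " & col)
        Next
        Dim cols = String.Join(", ", columns.Select(Function(name) "`" & name & "`"))
        Dim marks = String.Join(", ", columns.Select(Function(name, i) "@p" & i.ToString()))
        Return "INSERT INTO `" & tableName & "` (" & cols & ") VALUES (" & marks & ")"
    End Function

    ' Executes the INSERT; Using blocks close the connection even when an exception is thrown.
    Public Function InsertRow(connectionString As String, tableName As String, row As IDictionary(Of String, Object)) As Integer
        Dim columns = row.Keys.ToList()
        Using con As New MySqlConnection(connectionString)
            Using cmd As New MySqlCommand(BuildInsert(tableName, columns), con)
                For i As Integer = 0 To columns.Count - 1
                    ' Values travel as parameters, so a quote inside one cannot end the SQL literal.
                    cmd.Parameters.AddWithValue("@p" & i.ToString(), row(columns(i)))
                Next
                con.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed sample row; the apostrophe would break the concatenated query.
        Dim row As New Dictionary(Of String, Object) From {
            {"event_time", DateTime.Now}, {"computer", "O'Brien-PC"},
            {"rule_id", 4}, {"date_uploaded", DateTime.Now}}
        Console.WriteLine(BuildInsert("log_2014_03", row.Keys.ToList()))
    End Sub
End Module
```

`Main` only prints the generated statement, so it runs without a database; `InsertRow` needs the MySql.Data package and a reachable server.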

Answer 1: (score: -1)

Replace the ` and use ' instead. For example:

`" & finalTableName & "`

should be

'" & finalTableName & "'