vb.net具有访问权限的INSERT INTO语句中的语法错误

时间:2014-03-13 18:40:21

标签: sql vb.net ms-access-2010

我在插入过程中遇到错误有人可以看看吗? 表: enter image description here

VB.NET

   Dim Name As String = txtName.Text
    Dim JoinDate As String = dpJoinDate.Value
    Dim DOB As String = dpDOB.Value
    Dim ParentsName As String = txtParentsName.Text
    Dim School As String = txtSchool.Text
    Dim STD As String = txtSTD.Text
    Dim Address As String = txtAddress.Text
    Dim EMail As String = txtEMail.Text
    Dim Mobile1 As String = txtMobile1.Text
    Dim Mobile2 As String = txtMobile2.Text
    Dim DurationStart As Date = dpDurationStart.Value
    Dim DurationEND As Date = dpDurationEND.Value
    Dim Fees As Decimal = Decimal.Parse(0.0)
    Dim MaterialFees As Decimal = Decimal.Parse(0.0)
    Dim LateFees As Decimal = Decimal.Parse(0.0)
    Dim NextRenewal As Date = dpNextRenewal.Value
    Dim Centre As String = cbCentre.Text
    Dim Coach As String = cbCoach.Text
    Dim picture As String = lblFileName.Text

    Try
        Fees = Decimal.Parse(txtFees.Text)
    Catch

    End Try

    Try
        MaterialFees = Decimal.Parse(txtMaterialFees.Text)
    Catch

    End Try

    Try
        LateFees = Decimal.Parse(txtLateFees.Text)
    Catch

    End Try

    Dim Cmd As OleDbCommand
    Dim SQL As String
    Dim objCmd As New OleDbCommand

    Dim Con = New OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=./AcademyDatabase.accdb;Persist Security Info=False;")

    SQL = "INSERT INTO Student (FullName,JoinDate,DOB,ParentsName,School,STD,Address,EMail,Mobile1,Mobile2,DurationStart,DurationEND,Fees,MaterialFees,LateFees,NextRenewal,Centre,Coach,Image,DropOut) VALUES ('" _
        & Name & "','" _
        & JoinDate & "','" _
        & DOB & "','" _
        & ParentsName & "','" _
        & School & "','" _
        & STD & "','" _
        & Address & "','" _
        & EMail & "','" _
        & Mobile1 & "','" _
        & Mobile2 & "','" _
        & DurationStart & "','" _
        & DurationEND & "','" _
        & Fees & "','" _
        & MaterialFees & "','" _
        & LateFees & "','" _
        & NextRenewal & "','" _
        & Centre & "','" _
        & Coach & "','" _
        & picture & "'," _
        & "0)"
    Cmd = New OleDbCommand(SQL, Con)

    Con.Open()
    objCmd = New OleDbCommand(SQL, Con)
    Dim rowCount As Integer = 0

    Try
        rowCount = objCmd.ExecuteNonQuery()
    Catch ex As Exception
        Console.WriteLine(ex.Message)
    End Try

SQL:

"INSERT INTO Student (FullName,JoinDate,DOB,ParentsName,School,STD,Address,EMail,Mobile1,Mobile2,DurationStart,DurationEND,Fees,MaterialFees,LateFees,NextRenewal,Centre,Coach,Image,DropOut) VALUES ('','3/13/2014','1/1/1900','','fadsasdffdas','','','','','','1/1/1900','1/1/1900','0','0','0','1/1/1900','','','',0)"

1 个答案:

答案 0 :(得分:3)

IMAGE是保留关键字。如果要将其用于列名,则需要使用方括号

封装它
"INSERT INTO Student " & _ 
"(FullName,JoinDate,DOB,ParentsName,School,STD,Address," & _
"EMail,Mobile1,Mobile2,DurationStart,DurationEND,Fees," & _
"MaterialFees,LateFees,NextRenewal,Centre,Coach,[Image],DropOut) VALUES  ...."

如果您仍然可以这样做,我建议将该列的名称更改为NON保留关键字,否则当您尝试使用该列时,您将始终遇到此问题。

请说,请阅读有关参数化查询的内容。你的代码有一个很大的问题,它被称为SQL Injection(更不用说字符串,日期和小数的解析问题)

 SQL = "INSERT INTO Student " & _ 
       "(FullName,JoinDate,DOB,ParentsName,School,STD,Address," & _
       "EMail,Mobile1,Mobile2,DurationStart,DurationEND,Fees," & _
       "MaterialFees,LateFees,NextRenewal,Centre,Coach,[Image],DropOut) " & _
       "?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0)"
 Con.Open()
 objCmd = New OleDbCommand(SQL, Con)
 objCmd.Parameters.AddWithValue("@p1", Name)
 objCmd.Parameters.AddWithValue("@p2", JoinDate)
 .... add the other missing parameters with their values.....
 objCmd.Parameters.AddWithValue("@p18", picture)

 Dim rowCount As Integer = 0
 rowCount = objCmd.ExecuteNonQuery()