我在运行Visual Basic应用程序时遇到问题。当我尝试将数据添加到DataGridView时,我得到syntax error INSERT INTO
。
以下是下面的代码,你能告诉我它有什么问题吗?
Private Sub Button3_Click(sender As Object, e As EventArgs) Handles Button3.Click
Dim cmd As New OleDb.OleDbCommand
If Not cnn.State = ConnectionState.Open Then
'open connection if it is not already opened
cnn.Open()
End If
'new connection
cmd.Connection = cnn
'check whether to add new or update
If Me.txtEmployeeID.Tag & "" = "" Then
'add new
'add new data to table
cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, Date, Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, DateTo) " & _
" VALUES(" & Me.txtEmployeeID.Text & ",'" & Me.txtFirstName.Text & "','" & Me.txtLastName.Text & "','" & Me.txtdate.Text & "','" & Me.txtHoliday.Text & "','" & Me.txtHalfDay.Text & "','" & Me.txtOther.Text & "','" & Me.txtSick.Text & "','" & _
Me.txtUnpaidHoliday.Text & "','" & Me.txtDaysTaken.Text & "','" & _
Me.DateTimePicker2.Text & "','" & Me.DateTimePicker1.Text & "')"
cmd.ExecuteNonQuery()
Else
'update data in table and execute
cmd.CommandText = "UPDATE Attendance" & _
" SET EmployeeID =" & Me.txtEmployeeID.Text & _
", FirstName ='" & Me.txtFirstName.Text & "'" & _
", LastName ='" & Me.txtLastName.Text & "'" & _
", Date ='" & Me.txtdate.Text & "'" & _
", Holiday ='" & Me.txtHoliday.Text & "'" & _
", HalfDay='" & Me.txtHalfDay.Text & "'" & _
", Other='" & Me.txtOther.Text & "'" & _
", Unpaidholiday='" & Me.txtUnpaidHoliday.Text & "'" & _
", DaysTaken='" & Me.txtDaysTaken.Text & "'" & _
", DateFrom='" & Me.DateTimePicker1.Text & "'" & _
", DateTo='" & Me.DateTimePicker2.Text & "'" & _
" WHERE employeeID =" & Me.txtEmployeeID.Tag
cmd.ExecuteNonQuery()
End If
'refresh data in table list
refreshdata()
'clear form
Me.btnclear.PerformClick()
'close connection
cnn.Close()
End Sub
答案 0 :(得分:2)
问题是Word DATE在许多数据库中是保留关键字。你应该把它括在方括号
中 cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, [Date], " & _
"Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, " & _
"DateTo) " .......
但你这里有一个更大的问题。连接字符串以形成sql命令文本是灾难的完美配方。 Sql注入和解析问题在这里等待您的命令。始终使用参数化查询
所以,就像一个例子
cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, [Date], " & _
"Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, " & _
"DateTo) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)";
cmd.Parameters.AddWithValue("@p1", Me.txtEmployeeID.Text)
..... and so on for the other eleven parameters.....
..... add them in the exact order in which they appear in the parameter list ....
cmd.ExecuteNonQuery()
答案 1 :(得分:0)
Date
是T-SQL中的保留字,因此您需要在其周围添加方括号:
cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, [Date], Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, DateTo) " & _
" VALUES(" & Me.txtEmployeeID.Text & ",'" & Me.txtFirstName.Text & "','" & Me.txtLastName.Text & "','" & Me.txtdate.Text & "','" & Me.txtHoliday.Text & "','" & Me.txtHalfDay.Text & "','" & Me.txtOther.Text & "','" & Me.txtSick.Text & "','" & _
Me.txtUnpaidHoliday.Text & "','" & Me.txtDaysTaken.Text & "','" & _
Me.DateTimePicker2.Text & "','" & Me.DateTimePicker1.Text & "')"
答案 2 :(得分:0)
你得到什么错误?如果EmployeeID是Identity Column,则无法将值明确插入其中。