为什么我会收到有关INSERT INTO的语法错误?

时间:2014-06-26 14:01:20

标签: vb.net

我在运行Visual Basic应用程序时遇到问题。当我尝试将数据添加到DataGridView时,我得到syntax error INSERT INTO

以下是下面的代码,你能告诉我它有什么问题吗?

Private Sub Button3_Click(sender As Object, e As EventArgs) Handles Button3.Click
    Dim cmd As New OleDb.OleDbCommand
    If Not cnn.State = ConnectionState.Open Then
        'open connection if it is not already opened
        cnn.Open()
    End If
    'new connection
    cmd.Connection = cnn
    'check whether to add new or update
    If Me.txtEmployeeID.Tag & "" = "" Then
        'add new 
        'add new data to table
        cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, Date, Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, DateTo) " & _
        " VALUES(" & Me.txtEmployeeID.Text & ",'" & Me.txtFirstName.Text & "','" & Me.txtLastName.Text & "','" & Me.txtdate.Text & "','" & Me.txtHoliday.Text & "','" & Me.txtHalfDay.Text & "','" & Me.txtOther.Text & "','" & Me.txtSick.Text & "','" & _
        Me.txtUnpaidHoliday.Text & "','" & Me.txtDaysTaken.Text & "','" & _
        Me.DateTimePicker2.Text & "','" & Me.DateTimePicker1.Text & "')"
        cmd.ExecuteNonQuery()
    Else
        'update data in table and execute
        cmd.CommandText = "UPDATE Attendance" & _
            " SET EmployeeID =" & Me.txtEmployeeID.Text & _
            ", FirstName ='" & Me.txtFirstName.Text & "'" & _
            ", LastName ='" & Me.txtLastName.Text & "'" & _
            ", Date ='" & Me.txtdate.Text & "'" & _
            ", Holiday ='" & Me.txtHoliday.Text & "'" & _
            ", HalfDay='" & Me.txtHalfDay.Text & "'" & _
            ", Other='" & Me.txtOther.Text & "'" & _
            ", Unpaidholiday='" & Me.txtUnpaidHoliday.Text & "'" & _
            ", DaysTaken='" & Me.txtDaysTaken.Text & "'" & _
            ", DateFrom='" & Me.DateTimePicker1.Text & "'" & _
            ", DateTo='" & Me.DateTimePicker2.Text & "'" & _
            " WHERE employeeID =" & Me.txtEmployeeID.Tag
        cmd.ExecuteNonQuery()
    End If
    'refresh data in table list
    refreshdata()
    'clear form
    Me.btnclear.PerformClick()
    'close connection
    cnn.Close()
End Sub

3 个答案:

答案 0 :(得分:2)

问题是Word DATE在许多数据库中是保留关键字。你应该把它括在方括号

  cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, [Date], " & _
                    "Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, " & _
                    "DateTo) " .......

但你这里有一个更大的问题。连接字符串以形成sql命令文本是灾难的完美配方。 Sql注入和解析问题在这里等待您的命令。始终使用参数化查询

所以,就像一个例子

  cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, [Date], " & _
                    "Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, " & _
                    "DateTo) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)";
  cmd.Parameters.AddWithValue("@p1", Me.txtEmployeeID.Text)
  ..... and so on for the other eleven parameters.....
  ..... add them in the exact order in which they appear in the parameter list ....
  cmd.ExecuteNonQuery()

答案 1 :(得分:0)

Date是T-SQL中的保留字,因此您需要在其周围添加方括号:

cmd.CommandText = "INSERT INTO Attendance(EmployeeID, FirstName, LastName, [Date], Holiday, HalfDay, Other, Sick, UnpaidHoliday, DaysTaken, DateFrom, DateTo) " & _
            " VALUES(" & Me.txtEmployeeID.Text & ",'" & Me.txtFirstName.Text & "','" & Me.txtLastName.Text & "','" & Me.txtdate.Text & "','" & Me.txtHoliday.Text & "','" & Me.txtHalfDay.Text & "','" & Me.txtOther.Text & "','" & Me.txtSick.Text & "','" & _
            Me.txtUnpaidHoliday.Text & "','" & Me.txtDaysTaken.Text & "','" & _
            Me.DateTimePicker2.Text & "','" & Me.DateTimePicker1.Text & "')"

答案 2 :(得分:0)

你得到什么错误?如果EmployeeID是Identity Column,则无法将值明确插入其中。