我收到以下错误:
错误:您的sql语法中有错误。检查与您的mysql服务器版本对应的手册,以便在第1行的“SOFTWARE DEVELOPER”附近使用正确的语法。
这是我的代码:
Imports MySql.Data.MySqlClient
Public Class Form2
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim conStr As String = ("server=localhost;username=root;password=rootfnc;database=one")
Try
Dim con As New MySqlConnection(conStr)
Dim cmd As MySqlCommand
For i = 0 To ComboBox1.Items.Count
con.Open()
Dim sqls As String
sqls = "insert into one.initial_nom (idinitial_nom, f_name, s_name, th_name, fo_name, app_no, adm_type) values ('" & TextBox6.Text & "','" & TextBox1.Text & "', '" & TextBox2.Text & "', '" & TextBox3.Text & "', '" & TextBox4.Text & "', '" & TextBox5.Text & ",'" & ComboBox1.Items(i).ToString & "')"
cmd = New MySqlCommand(sqls, con)
cmd.ExecuteNonQuery()
Next
Catch ex As Exception
MsgBox("Error in saving to Database. Error is :" & ex.Message)
End Try
End Sub
有谁知道错误是由什么造成的?
答案 0 :(得分:1)
您没有正确地将所有要插入字符串的值包含在撇号中:
... '" & TextBox5.Text & "_,'" & ComboBox1.Items(i).ToString & "')"
注意我在TextBox5.Text连接到字符串之后放置下划线的地方:在逗号之前应该有一个关闭的撇号。
现在,事实是你不应该首先从用户输入连接SQL命令,而应该使用SqlCommand的{{3}}来准备语句。这是一个简化的例子:
sqls = "insert into tableName (column1) values (@parameterName)"
cmd = New MySqlCommand(sqls, con)
cmd.Parameters.Add(new MySqlParameter("@parameterName", TextBox5.Text))
' ...
' <snip - set other parameters as needed>
' ...
cmd.ExecuteNonQuery()