打开和关闭连接:
OleDbConnection conn;
private void ConnectToDatabase()
{
// Creates a connection to the database using an absolute path.
conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" +Server.MapPath("App_Data\\BookRatings.accdb"));
// Opens the connection.
conn.Open();
}
private void DisconnectDatabase()
{
// The connection is closed.
conn.Close();
}
注册用户
public void RegisterCustomer(string userName, string Address, string Tel, string Email, string Ques, string Ans, string Pass)
{
// Connect to database.
ConnectToDatabase();
// Inserts the necessary values into the database.
OleDbCommand cmd = conn.CreateCommand();
cmd.CommandText = (@"INSERT INTO user ([userName], [Address],[telephone], [emailAddress], [Password], [securityQuestion], [securityAnswer]) VALUES ('" + userName + "', '" + Address + "', '" + Tel + "', '" + Email + "', '" + Pass + "', '" + Ques + "', '" + Ans + "')");
cmd.ExecuteNonQuery();
// The connection is closed.
DisconnectDatabase();
}
错误消息
' /'中的服务器错误应用
INSERT INTO语句中的语法错误。
描述:执行期间发生了未处理的异常 当前的网络请求。请查看堆栈跟踪了解更多信息 有关错误的信息以及它在代码中的起源。
异常详细信息:System.Data.OleDb.OleDbException:语法错误 INSERT INTO声明。
来源错误:
第100行:cmd.ExecuteNonQuery();第101行:// 连接已关闭。第102行:DisconnectDatabase();第103行: 第104行:[WebMethod]
源文件: * \ bookClub \ Service.aspx.cs行:102
堆栈追踪:
[OleDbException(0x80040e14):INSERT INTO语句中的语法错误。] System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr)+1102900
System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams,Object& executeResult)+247
System.Data.OleDb.OleDbCommand.ExecuteCommandText(对象&安培; executeResult)+189
System.Data.OleDb.OleDbCommand.ExecuteCommand(的CommandBehavior 行为,对象& executeResult)+58
System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(的CommandBehavior 行为,字符串方法)+162
System.Data.OleDb.OleDbCommand.ExecuteNonQuery()+ 107 Service.RegisterCustomer(String userName,String Address,String Tel, String Email,String Ques,String Ans,String Pass)in * \ bookClub \ Service.aspx.cs:102 Register.btnRegister_Click(Object sender,EventArgs e)* \ bookClub \ Register.aspx.cs:46
System.Web.UI.WebControls.Button.OnClick(EventArgs e)+9752490
System.Web.UI.WebControls.Button.RaisePostBackEvent(字符串 eventArgument)+196
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(字符串 eventArgument)+10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl,String eventArgument)+13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +35 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,Boolean includeStagesAfterAsyncPoint) 1724
我不明白为什么近线有问题?或者为什么它会在插入时崩溃...
答案 0 :(得分:4)
用户是MS Access中的 reserved word ,因此只需更新您的SQL命令,将USER
括在方括号中:
cmd.CommandText = (@"INSERT INTO [user] ([userName]....
另外,正如评论中所提到的,使用参数化查询来防止SQL注入攻击会更好。
看看这个问题的答案,告诉你如何做到这一点:
此外,在该示例中,它使用Using
块来处理关闭和处理连接,这比手动执行更好。您的代码看起来像这样,带有参数和Using
块:
conn = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" +Server.MapPath("App_Data\\BookRatings.accdb"));
conn.Open();
// DbCommand also implements IDisposable
using (OleDbCommand cmd = conn.CreateCommand())
{
// create command with parameter placeholders
cmd.CommandText =
@"INSERT INTO [user] ([userName], [Address],[telephone]....) " +
"VALUES (@username, @address, @telephone,....)");
// add named parameters
cmd.Parameters.AddRange(new OleDbParameter[]
{
new OleDbParameter("@userName", userName),
new OleDbParameter("@address", Address),
new OleDbParameter("@telephone", Tel),
...
};
// execute
cmd.ExecuteNonQuery();
}