ExecuteNonQuery没有返回值。看下面的代码:
private void btnAdd_Click(object sender, EventArgs e)
{
OleDbConnection conn;
conn = new OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=dbsCOLLABERA.accdb;Persist Security Info=False;");
string sqlAdd = "insert into tblEmployeeList(empID,empLName,empFName,empMName,empGender,empBDate,empAddress,empEAddress,empPNumber,empPosition,empStatus,empHRate,empOTRate,empTimeIn,empTimeOut) values ('"
+ txtID.Text + "','" + txtLName.Text + "','" + txtFName.Text + "','" + txtMName.Text + "','" + txtGender.SelectedValue + "','" + txtBDate.Text + "','" + txtAddress.Text + "','" + txtEAddress.Text + "','" + txtPNumber.Text + "','" + txtPosition.Text + "','"
+ txtStatus.SelectedValue + "'," + txtHRate.Text + "," + txtOTRate.Text + ",'" + txtTimeIn.SelectedValue + "','" + txtTimeOut.SelectedValue + "')";
OleDbCommand cmdAdd = new OleDbCommand(sqlAdd, conn);
conn.Open();
cmdAdd.ExecuteNonQuery();
//oledbcommand.ExecuteNonQuery();
conn.Close();
MessageBox.Show(sqlAdd);
}
答案 0 :(得分:5)
它应该返回受影响的行数,在这种情况下1.尝试分配结果:
int rowsAffected = cmdAdd.ExecuteNonQuery();
使用此代码:
string sqlAdd = "insert into tblEmployeeList(empID,empLName,empFName,empMName,empGender,empBDate,empAddress,empEAddress,empPNumber,empPosition,empStatus,empHRate,empOTRate,empTimeIn,empTimeOut) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
cmdAdd.Parameters.AddWithValue("?", txtID.Text);
cmdAdd.Parameters.AddWithValue("?", txtLName.Text);
cmdAdd.Parameters.AddWithValue("?", txtFName.Text);
cmdAdd.Parameters.AddWithValue("?", txtMName.Text);
cmdAdd.Parameters.AddWithValue("?", txtGender.SelectedValue);
cmdAdd.Parameters.AddWithValue("?", txtBDate.Text);
cmdAdd.Parameters.AddWithValue("?", txtAddress.Text);
cmdAdd.Parameters.AddWithValue("?", txtEAddress.Text);
cmdAdd.Parameters.AddWithValue("?", txtPNumber.Text);
cmdAdd.Parameters.AddWithValue("?", txtPosition.Text);
cmdAdd.Parameters.AddWithValue("?", txtStatus.SelectedValue);
cmdAdd.Parameters.AddWithValue("?", txtHRate.Text);
cmdAdd.Parameters.AddWithValue("?", txtOTRate.Text);
cmdAdd.Parameters.AddWithValue("?", txtTimeIn.SelectedValue);
cmdAdd.Parameters.AddWithValue("?", txtTimeOut.SelectedValue);
这可以修复您的SQL注入漏洞,使用参数传递参数,无需自己构建SQL。 ODBC使用?作为参数,因为它不支持参数。