我无法弄清楚我的语法错误是什么。有人发现它吗?或者我是不是错了?
Dim myCommand As New OleDb.OleDbCommand("delete * from Team where intPlayerNo='" & txtUniformNo.Text & "'_ strFirstName='" & txtFirstName.Text & "'_ strLastName='" & txtLastName.Text & "'_ strParentName='" & txtParent.Text & "'_ strAddress='" & txtAddress.Text & "'_ strCity='" & txtCity.Text & "'_ strState='" & txtState.Text & "'_ strZipCode='" & txtZip.Text & "'_ strPhone='" & txtPhone.Text & "'_ intAge='" & txtAge.Text & "'", myConnection)
答案 0 :(得分:2)
删除声明为Delete From Team Where...
建议您最好使用参数化查询来避免SQL Injection次攻击
答案 1 :(得分:0)
您的语法错误,因为您有多个WHERE条件,但您没有使用正确的AND / OR将条件连接在一起。当然,只有MS-ACCESS接受DELETE * FROM表语法,但正确的SQL语法是DELETE FROM(没有*),并且也被Access接受,所以最好使用标准。
表示您需要在命令中使用参数化查询而不是字符串连接
Dim cmdText = "DELETE FROM Team " & _
"WHERE intPlayerNo = @playerNo AND " & _
"strFirstName = @firstName AND " & _
".... and so on with the other fields "
Dim myCommand As New OleDb.OleDbCommand(cmdText, myConnection)
myCommand.Parameters.Add("@playerNo", OleDbType.VarWChar).Value = txtUniformNo.Text
myCommand.Parameters.Add("@firstName", OleDbType.VarWChar).Value = txtFirstName.Text
... continue with the other parameters required by the WHERE statement
myCommand.ExecuteNonQuery()
如果某些文本框值包含单引号,使用参数将使代码远离Sql Injection并避免语法错误。
请注意,如果您的表格中有主键,那么您的WHERE可以简单地缩减为PrimaryKeyFieldName = @Value