我似乎无法让我的插入查询在VB中工作,之前它正在工作,我尝试添加删除查询,现在插入不起作用。
我正在使用他们的电子邮件在customers表中搜索客户(这很好用),然后将customers表中的3个字段传递给另一个表单,然后用户将更多数据添加到新字段中,然后使用插入到成员表中。 (我还想在客户表中使用他们的电子邮件将客户从客户表中删除,但似乎无法使其运行)。
这是我得到的错误'关键字' VALUES'附近的语法不正确。' 这是插入查询的代码,任何帮助将不胜感激。我是Visual Basic的新手。
此代码位于我的SQLControl.vb
中 Public Sub Addmember(member_fname As String, member_sname As String, member_gender As String, member_dob As String,
member_address As String, member_postcode As String, member_email As String, member_contact_number As String,
member_registration As String, member_discount_rate As Integer)
Try
Dim strinsert As String = "INSERT INTO members (member_fname,member_sname,member_gender,member_dob,member_address,member_postcode,member_email,member_contact_number,member_registration,member_discount_rate " & _
"VALUES(" & _
"'" & member_fname & "'," & _
"'" & member_sname & "'," & _
"'" & member_gender & "'," & _
"'" & member_dob & "'," & _
"'" & member_address & "'," & _
"'" & member_postcode & "'," & _
"'" & member_email & "'," & _
"'" & member_contact_number & "'," & _
"'" & member_registration & "'," & _
"'" & member_discount_rate & "')"
MsgBox(strinsert)
SQLCon.Open()
SQLCmd = New SqlCommand(strinsert, SQLCon)
SQLCmd.ExecuteNonQuery()
SQLCon.Close()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
这就是在
形式的按钮上调用sub的地方Private Sub addmember_Click(sender As Object, e As EventArgs) Handles addmember.Click
Try
sql.Addmember(memberupdate_firstname.Text, memberupdate_surname.Text, membergender.Text, memberdob.Text, memberaddress.Text, memberpostcode.Text, memberemail.Text, membercontactnumber.Text, memberregisterationdate.Text, membersdiscountrate.Text)
MsgBox("Member added")
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
答案 0 :(得分:1)
您在列列表末尾与关键字)之间缺少values个字符:
Dim strinsert As String = "INSERT INTO members (member_fname,member_sname,member_gender,member_dob,member_address,member_postcode,member_email,member_contact_number,member_registration,member_discount_rate " & _
")VALUES(" & _
"'" & member_fname & "'," & _
"'" & member_sname & "'," & _
"'" & member_gender & "'," & _
"'" & member_dob & "'," & _
"'" & member_address & "'," & _
"'" & member_postcode & "'," & _
"'" & member_email & "'," & _
"'" & member_contact_number & "'," & _
"'" & member_registration & "'," & _
"'" & member_discount_rate & "')"
答案 1 :(得分:1)
保护您的代码免受Sql注入:
Public Sub Addmember(member_fname As String, member_sname As String, member_gender As String, member_dob As String,
member_address As String, member_postcode As String, member_email As String, member_contact_number As String,
member_registration As String, member_discount_rate As Integer)
Try
Dim queryInsert As String = "INSERT INTO members (member_fname,member_sname,member_gender,member_dob,member_address,member_postcode,member_email,member_contact_number,member_registration,member_discount_rate) " & _
" VALUES (@fname,@sname,@gender,@dob,@address,@postcode,@email,@contact_number,@registration,@discount_rate) "
Using sqlCon As New SqlConnection("MySqlConnectionString")
sqlCon.Open()
Using sqlCmd As New SqlCommand(queryInsert, sqlCon)
Dim fnameParam As SqlParameter = sqlCmd.Parameters.Add("@fname", SqlDbType.NVarChar, 10)
fnameParam.Value = member_fname
Dim snameParam As SqlParameter = sqlCmd.Parameters.Add("@sname", SqlDbType.NVarChar, 10)
snameParam.Value = member_sname
'etc. for all your parameters..
sqlCmd.ExecuteNonQuery()
End Using
End Using
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub