我尝试编写代码来访问数据库,但是在带有粗体字的行中出现了OldDbException错误。我该如何更改单词以便在运行时不会出现任何错误?
private void submitbutton_Click(object sender, EventArgs e)
{
availabilitytabControl.SelectedTab = orderlisttabPage;
OleDbConnection myAccessConn = myAccessConnection();
OleDbCommand myAccessCommand = new OleDbCommand();
DataSet myDataSet = new DataSet();
try
{
int i;
myAccessConn.Open();
String insert ="insert into Particulars (Title,FirstName,LastName,Nationality,PassportNumber,PhoneNumber) VALUES(";
for (i = 0; i < 100; i++)
{
myAccessCommand.CommandText = insert;
String title = titlecomboBox.Items[i].ToString();
String firstname = firstnametextBox.Text;
String lastname = lastnametextBox.Text;
String nationality = nationalitycomboBox.Items[i].ToString();
String passportno = passporttextBox.Text;
String phoneno = phonenotextBox.Text;
myAccessCommand = new OleDbCommand(insert,myAccessConn);
OleDbDataAdapter myDataAdapter = new OleDbDataAdapter(myAccessCommand);
**myAccessCommand.ExecuteNonQuery();**
}
}
catch (Exception ex)
{
Console.WriteLine("Error: Failed to retrieve the required data from the DataBase.\n{0}", ex.Message);
return;
}
finally
{
myAccessConn.Close();
}
}
答案 0 :(得分:2)
据我所见,您从不在查询的VALUES(..)部分中添加您的值。
我的建议是;
VALUES部分myAccessCommand.Parameters.Add添加您的值。Clear()你的参数。OleDbDataAdapter部分是不必要的,因为您尝试将INSERT语句放入其中。您应始终使用parameterized queries。这种字符串连接对SQL Injection攻击是开放的。还可以使用using语句来处置数据库连接和命令。
using(var myAccessConn = myAccessConnection());
using(var myAccessCommand = myAccessConn.CreateCommand())
{
myAccessCommand.CommandText = @"insert into Particulars (Title,FirstName,LastName,Nationality,PassportNumber,PhoneNumber)
VALUES(?, ?, ?, ?, ?, ?)";
for (i = 0; i < 100; i++)
{
myAccessCommand.Parameters.Clear();
myAccessCommand.Parameters.AddWithValue("?", titlecomboBox.Items[i].ToString());
myAccessCommand.Parameters.AddWithValue("?", firstnametextBox.Text);
myAccessCommand.Parameters.AddWithValue("?", lastnametextBox.Text);
myAccessCommand.Parameters.AddWithValue("?", nationalitycomboBox.Items[i].ToString());
myAccessCommand.Parameters.AddWithValue("?", passporttextBox.Text);
myAccessCommand.Parameters.AddWithValue("?", phonenotextBox.Text);
myAccessConn.Open();
myAccessCommand.ExecuteNonQuery();
}
}
我使用AddWithValue方法作为示例,但您不是。 This method may generate unexpected results sometimes。使用Add方法重载来指定参数类型及其大小。
答案 1 :(得分:0)
您可能需要修改代码:
(请注意,这只是一个测试代码,用于检查它是否解决了您的问题,您必须使用parameter.add()构建您的命令,以保证您的代码安全)
private void submitbutton_Click(object sender, EventArgs e){
availabilitytabControl.SelectedTab = orderlisttabPage;
OleDbConnection myAccessConn = myAccessConnection();
OleDbCommand myAccessCommand = new OleDbCommand();
DataSet myDataSet = new DataSet();
try
{
int i;
myAccessConn.Open();
String insert ="insert into Particulars (Title,FirstName,LastName,Nationality,PassportNumber,PhoneNumber) VALUES(";
for (i = 0; i < 100; i++)
{
String title = titlecomboBox.Items[i].ToString();
String firstname = firstnametextBox.Text;
String lastname = lastnametextBox.Text;
String nationality = nationalitycomboBox.Items[i].ToString();
String passportno = passporttextBox.Text;
String phoneno = phonenotextBox.Text;
insert += "'"+ firstname +"','"+ lastname+"','"+nationality + "','"+ passportno +"','"+ phoneno +"')";
myAccessCommand = new OleDbCommand(insert,myAccessConn);
OleDbDataAdapter myDataAdapter = new OleDbDataAdapter(myAccessCommand);
**myAccessCommand.ExecuteNonQuery();**
}
}
catch (Exception ex)
{
Console.WriteLine("Error: Failed to retrieve the required data from the DataBase.\n{0}", ex.Message);
return;
}
finally
{
myAccessConn.Close();
}
}