' System.Data.OleDb.OleDbException'发生在System.Data.dll中附加信息:不是有效的文件名

时间:2016-02-13 07:53:12

标签: c#

这是我的代码 文件名是正确的,我不知道是什么问题。我检查了一切,我无法找到原因,如果有人可以帮助我那将是非常棒的

using System;
using System.Collections.Generic;
using System.ComponentModel; 
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.OleDb;

namespace Car
{
    public partial class AddCar : Form
    {
        OleDbConnection cnnOLEDB = new OleDbConnection();
        OleDbCommand cmdInsert = new OleDbCommand();
        public AddCar()
        {
            InitializeComponent();
        }

        private void AddCar_Load(object sender, EventArgs e)
        { // i use access 2013 
         //the address of file is exactly the same as here
            cnnOLEDB.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data     Source=‪C:\database\LOGIN.accdb;";
            cnnOLEDB.Open();
            //the error exactly shows here
        }

        private void InstButton_Click(object sender, EventArgs e)
        {
            if(txtFullName.Text != "" && txtPIC.Text != "" && txtEmail.Text != "" && txtHP.Text != "" && txtAddress.Text != "" && txtAmount.Text != "" && txtDOR.Text != "" && txtDORE.Text != "")
            {
                cmdInsert.CommandText = "INSERT INTO MemN(FullName, PICNO, Email, HP, Address, Amount, DOR, DORE) VALUES (\'" + txtFullName.Text + "\' , \'" + txtPIC.Text + "\' , \'" + txtEmail.Text + "\' , " + txtHP.Text + " , \'" + txtAddress.Text + "\' , \'" + txtAmount.Text + "\' , \'" + txtDOR.Text + "\' , \'" + txtDORE.Text + "\');";
                cmdInsert.CommandType = CommandType.Text;
                cmdInsert.Connection = cnnOLEDB;
                MessageBox.Show("Customer added.");
            }
            else
            {
                MessageBox.Show("Customer is not added successfully!");
            }

            cmdInsert.Dispose();

        }
    }
}

1 个答案:

答案 0 :(得分:0)

首先,您应该使用parameterized sql来阻止sql injection

您没有使用qoutes围绕HP围绕它的值给出qoutes。

cmdInsert.CommandText = "INSERT INTO MemN(FullName, PICNO, Email, HP, Address, Amount, DOR, DORE) VALUES (\'" + txtFullName.Text + "\' , \'" + txtPIC.Text + "\' , \'" + txtEmail.Text + "\' , \'" + txtHP.Text + "\' , \'" + txtAddress.Text + "\' , \'" + txtAmount.Text + "\' , \'" + txtDOR.Text + "\' , \'" + txtDORE.Text + "\');";

您可以像这样使用参数化查询

cmdInsert.CommandText = "INSERT INTO MemN(FullName, PICNO, Email, HP, Address, Amount, DOR, DORE) VALUES (@FullName, @PICNO, @Email, @HP, @Address, @Amount, @DOR, @DORE);";
cmd.Parameters.AddWithValue("@FullName", txtFullName.Text);
cmd.Parameters.AddWithValue("@PICNO", txtPIC.Text);
cmd.Parameters.AddWithValue("@Email", txtEmail.Text);
cmd.Parameters.AddWithValue("@HP", txtHP.Text);
cmd.Parameters.AddWithValue("@Address", txtAddress.Text);
cmd.Parameters.AddWithValue("@Amount", txtAmount.Text);
cmd.Parameters.AddWithValue("@DOR", txtDOR.Text);
cmd.Parameters.AddWithValue("@DORE", txtDORE.Text);
相关问题
最新问题