INSERT INTO语句获取语法错误

Question

我正在使用Microsoft Visual Studio 2010 Express，而我正在尝试使用VB.NET创建注册表单。到目前为止，这是我的代码：

Private Sub insrt()
    If picStr = vbNullString Then
        'save the current image default (noimage)
        picImage.Image.Save(".png", Imaging.ImageFormat.Png)
        'reload current " Noimage" to a binary
        picStr = Application.StartupPath + (".\noimage.png")
    End If

    'set image object to value
    IMG = (Nothing)
    IMG = Image.FromFile(picStr)
    'fill mystream into image binary
    MyStream = New MemoryStream
    IMG.Save(MyStream, Imaging.ImageFormat.Png)

    Dim gen As String = String.Empty
    If rbtnMale.Checked = True Then
        gen = "Male"
    ElseIf rbntFemale.Checked = True Then
        gen = "Female"
    End If

    Dim dob As String = cboDay.Text & "/" & cboMonth.Text & "/" & txtYr.Text

    Dim con As New OleDbConnection(cnSettings)
    con.Open()
    Try
        If txtID.Text = "" Then
            MsgBox("Please Enter year enrolled and Generate ID for this Student")
            Exit Sub
        Else
            Dim cmd As New OleDbCommand
            cmd.Connection = con
            cmd.CommandText = "INSERT into tbEnroll(StudentID,Firstname,Lastname,Gender,DOB,Hometown,Region,Sess,Batch,Class,GFirstname,GLastname,GTel,GEmail,GResidence,DateEnroll,Picture) values ('" & txtID.Text & "','" & txtFN.Text & "','" & txtLN.Text & "','" & gen & "','" & dob & "','" & txtHomeTWN.Text & "','" & cboRegion.Text & "','" & cboSession.Text & "','" & txtBatch.Text & "','" & cboClass.Text & "','" & txtGfirst.Text & "','" & txtLastnm.Text & "','" & txtTel.Text & "','" & txtEmail.Text & "','" & txtRes.Text & "','" & DateTimePicker1.Text & "', @img ,)"
            cmd.Parameters.AddWithValue("@img", OleDbType.VarBinary).Value = MyStream.GetBuffer
            cmd.ExecuteNonQuery()
            cmd.Dispose()

            MyStream.Dispose()
            MyStream = Nothing
            MsgBox("Enrollment Done successfully", , "Enrollment")
            cleartxt()
        End If
    Catch ex As Exception
        MsgBox(ex.Message)
    End Try

End Sub

这可能是什么解决方案？

Answer 1

不是将所有SQL参数连接到SQL语句，而是应该使用参数，以便以后使代码更具可读性。

我也看到了一个问题，@ img，）“这里你不应该在@img之后有逗号，因为你没有要插入的其他参数。

正如Plutonix上面所说，你不应该将所有内容转换为字符串以使用SQL的参数，它们应该是SQL表中的值类型。

Answer 2

尝试在查询视图的Access SQL Design中复制和过去查询（CommandText）。您将看到数据库是否有问题。