INSERT INTO - cmd.ExecuteNonQuery() - VB.Net

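Time: 2016-12-16 04:36:37

Tags: vb.net

When using INSERT INTO, I get an error at cmd.ExecuteNonQuery():

An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll

Additional information: Incorrect syntax near 'https:'.

If anyone can help, I would be glad.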

Imports System.Data.SqlClient

    Public Class Form1
        Dim con As New SqlConnection

        Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click

            WebBrowser1.Navigate(url)

            While WebBrowser1.ReadyState <> WebBrowserReadyState.Complete
                Application.DoEvents()
            End While

            RichTextBox1.Text = WebBrowser1.DocumentText

            con.Open()
            Dim cmd As New SqlCommand(("INSERT INTO tTempList (ExtData) VALUES('" & RichTextBox1.Text & "')"), con)
            cmd.ExecuteNonQuery()
            con.Close()
        End Sub

        Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
            con.Connectionstring = "Server=SURFACEPRO\SQLEXPRESS;Initial Catalog=PropApp;Integrated Security=True"
        End Sub

    End Class

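3 answers:

Answer 0 (score: 3)

Use Sql parameters!

If you use parameters, you will never run into problems like this. In addition, parameters will protect you from possible SQL injection.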

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    WebBrowser1.Navigate(url)
    While WebBrowser1.ReadyState <> WebBrowserReadyState.Complete
        Application.DoEvents()
    End While
    RichTextBox1.Text = WebBrowser1.DocumentText

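    ' Reuse the connection string set in Form1_Load; Using disposes the connection.
    Using connection As New SqlConnection(con.ConnectionString)
        connection.Open()
        ' The statement text is constant; the page content travels as a parameter value.
        Dim query As String = "INSERT INTO tTempList (ExtData) VALUES (@ExtData)"
        Dim parameter As New SqlParameter With {
            .ParameterName = "@ExtData",
            .SqlDbType = SqlDbType.VarChar,
            .Value = RichTextBox1.Text
        }

        Using command As New SqlCommand(query, connection)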
            command.Parameters.Add(parameter)
            command.ExecuteNonQuery()
        End Using
    End Using

End Sub
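
Why the concatenated statement fails with "near 'https:'" and the parameterized one does not, as an added example that is not part of the original question or answers. The sample HTML, the module and function names, and the nvarchar(max) column type are assumptions; nothing here connects to a database.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module QuoteDemo
    ' Same string construction as the question's Button1_Click.
    Function Concatenated(html As String) As String
        Return "INSERT INTO tTempList (ExtData) VALUES('" & html & "')"
    End Function

    ' Returns whatever follows the end of the first '...' literal in sql.
    ' Inside a T-SQL literal a quote only survives when doubled ('').
    ' For a well-formed single-value INSERT the result is just ")".
    Function TextAfterFirstLiteral(sql As String) As String
        Dim i As Integer = sql.IndexOf("'"c) + 1
        If i = 0 Then Return sql          ' no literal at all
        While i < sql.Length
            If sql(i) = "'"c Then
                If i + 1 < sql.Length AndAlso sql(i + 1) = "'"c Then
                    i += 2                ' doubled quote: still inside the literal
                    Continue While
                End If
                Return sql.Substring(i + 1)
            End If
            i += 1
        End While
        Return ""                         ' literal never closed
    End Function

    ' Parameterized form: the statement text is constant, the HTML travels as data.
    Function Parameterized(html As String) As SqlCommand
        Dim cmd As New SqlCommand("INSERT INTO tTempList (ExtData) VALUES (@ExtData)")
        ' Assumption: ExtData is nvarchar(max); size -1 means "max".
        cmd.Parameters.Add("@ExtData", SqlDbType.NVarChar, -1).Value = html
        Return cmd
    End Function

    Sub Main()
        ' Constructed sample standing in for WebBrowser1.DocumentText.
        Dim html As String = "<a href='https://example.com/'>link</a>"
        Dim sql As String = Concatenated(html)
        Console.WriteLine("Statement sent: " & sql)
        Console.WriteLine("Parsed as SQL:  " & TextAfterFirstLiteral(sql))
        Using cmd As SqlCommand = Parameterized(html)
            Console.WriteLine("Constant text:  " & cmd.CommandText)
            Console.WriteLine("Value intact:   " & (CStr(cmd.Parameters("@ExtData").Value) = html).ToString())
        End Using
    End Sub
End Module
```

The "Parsed as SQL" line starts at https:, the same token the SqlException names: the first quote inside the page content closed the string literal, and everything after it was handed to the SQL parser.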

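Answer 1 (score: 0)

I guess you have a somewhere in one of the text boxes. You should always use sqlparameters to avoid this kind of error and SQL injection.

Answer 2 (score: 0)

This code worked for me...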

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    WebBrowser1.Navigate(url)
    While WebBrowser1.ReadyState <> WebBrowserReadyState.Complete
        Application.DoEvents()
    End While
    RichTextBox1.Text = WebBrowser1.DocumentText

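    ' Reuse the connection string set in Form1_Load; Using disposes the connection.
    Using connection As New SqlConnection(con.ConnectionString)
        connection.Open()
        Dim query As String = "INSERT INTO tTempList (ExtData,oCategory,oSubcategory) VALUES (@ExtData,@oCategory,@oSubcategory)"

        ' Run the command on the connection opened above, not on the closed form-level con.
        Using Command As New SqlCommand(query, connection)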

            Command.Parameters.Add("@ExtData", SqlDbType.VarChar)
            Command.Parameters("@ExtData").Value = RichTextBox1.Text
            Command.Parameters.Add("@oCategory", SqlDbType.VarChar)
            Command.Parameters("@oCategory").Value = CmbCategory.Text
            Command.Parameters.Add("@oSubcategory", SqlDbType.VarChar)
            Command.Parameters("@oSubcategory").Value = cmbSubcategory.Text

            Command.ExecuteNonQuery()
        End Using
    End Using

End Sub

Thanks to Fabio for the kind guidance. Thanks to Zach and Jinx88909 for the suggestions.