Question

我编写了一个程序来处理XML并将其导入到Accsess表中，但它会产生错误。我有一个sql注入类型的声明，我认为这不太合适。

The Database(Accsess) has this
Index    Field 1 Autonumber primary key
Property Field 2 ShortText
PValue   Field 3 ShortText
PDefault Field 4 ShortText
Ptype    Field 5 ShortText

我的代码产生此错误 Error System.Data.OleDb.OleDbException (0x80040E10): Parameter ?_1 has no default value. at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr) at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) at System.Data.OleDb.OleDbCommand.ExecuteNonQuery() at Beta3.Form1.button1_Click(Object sender, EventArgs e) in C:\Users

An this is the code that produces it.

String files;
        files = "c:\\temp\\launch.xml";
        SetCon.Text = SetCon.Text + "Processing Lauch Working \n";
        String item1, item2, item3, item4;
        XmlReader reader1 = XmlReader.Create(files);

        while (reader1.Read())
        {
            item1 = reader1.GetAttribute("name");
            item2 = reader1.GetAttribute("amount");
            item3 = reader1.GetAttribute("default");
            item4 = reader1.GetAttribute("group");
            try
            {
                SetCon.Text = SetCon.Text + "Adding Records \n";
                string ConnString = (@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\temp\\Set.mdb;Persist Security Info=False");
                string cmdText = "INSERT INTO Launch([Property], [PValue], [PDefault],[PType]) VALUES(?,?,?,?)";
                using (OleDbConnection Conn = new OleDbConnection(ConnString))
                {
                    using (OleDbCommand cmd = new OleDbCommand(cmdText, Conn))
                    {

                        cmd.Parameters.AddWithValue("Property", item1);
                        cmd.Parameters.AddWithValue("PValue", item2);
                        cmd.Parameters.AddWithValue("PDefault", item3);
                        cmd.Parameters.AddWithValue("PType", item4);

                        Conn.Open();
                        cmd.ExecuteNonQuery();
                        Conn.Close();
                    }

                }

我认为它的自动编号会导致错误，但我没有足够的经验来了解它。在这里，有些人可以发现我做错了什么。

Answer 1

您可以尝试使用@代替?吗？

试试这个：

string cmdText = "INSERT INTO Launch([Property], [PValue], [PDefault],[PType]) VALUES('@Property','@PValue','@PDefault','@PType')";
                using (OleDbConnection Conn = new OleDbConnection(ConnString))
                {
                    using (OleDbCommand cmd = new OleDbCommand(cmdText, Conn))
                    {

                        cmd.Parameters.AddWithValue("@Property", item1);
                        cmd.Parameters.AddWithValue("@PValue", item2);
                        cmd.Parameters.AddWithValue("@PDefault", item3);
                        cmd.Parameters.AddWithValue("@PType", item4);

                        Conn.Open();
                        cmd.ExecuteNonQuery();
                        Conn.Close();
                    }

                }

如何添加Xml数据以确认数据库错误

1 个答案: