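Inserting data into a SQL Server database using VB.NET

Time: 2019-07-12 15:48:04

Tags: sql sql-server vb.net inventory-management

I created a SQL Server database and I want to add some data to a particular table in that database. I use some text boxes to enter the data and an Add button to complete the operation. But when I click the button, the whole process stops and an error is pointed out in the DBSQL module, as shown below.

Here is my code: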

Imports System.Data
Imports System.Data.SqlClient

Module DBSQLServer
    Public con As New SqlConnection("Data Source=JOYALXDESKTOP\SQLEXPRESS;Initial Catalog=SaleInventory;Integrated Security=True")
    Public cmd As New SqlCommand
    Public da As New SqlDataAdapter
    Public ds As New DataSet
    Public dt As DataTable
    Public qr As String
    Public i As Integer

    Public Function searchdata(ByVal qr As String) As DataSet
        da = New SqlDataAdapter(qr, con)
        ds = New DataSet
        da.Fill(ds)
        Return ds

    End Function

    Public Function insertdata(ByVal qr As String) As Integer

        cmd = New SqlCommand(qr, con)
        con.Open()
        i = cmd.ExecuteNonQuery()
        con.Close()
        Return i

    End Function
End Module

The error occurs on this line:

i = cmd.ExecuteNonQuery()

The error is:

  

System.Data.SqlClient.SqlException:'')附近的语法不正确

Here is my Add button code:

Private Sub Add_Click(sender As Object, e As EventArgs) Handles add.Click
    If (isformvalid()) Then
        qr = "Insert into tblProductInfo (ProName, ProDesc, ProPrice, ProStock) Values('" & nametext.Text & "','" & descriptiontext.Text & "','" & pricetext.Text & "','" & stocktext.Text & "',)"
        Dim logincorrect As Boolean = Convert.ToBoolean(insertdata(qr))
        If (logincorrect) Then
            MsgBox("Stock Added Successfully ...", MsgBoxStyle.Information)
        Else
            MsgBox("Something Wrong. Record Not Saved. Please Check and Try Again...", MsgBoxStyle.Critical)
        End If
    End If
End Sub

When I copy the details of that error, it shows:

  

System.Data.SqlClient.SqlException
  HResult = 0x80131904
  Message =')'附近的语法不正确。
  Source = .Net SqlClient数据提供程序

     



If I have done anything wrong in asking this type of question, I am sorry. I am new to this community. Thanks in advance.

1 answer:

Answer 0 (score: 2)

There is a problem with your query:

qr = "Insert into tblProductInfo (ProName, ProDesc, ProPrice, ProStock) Values('" & nametext.Text & "','" & descriptiontext.Text & "','" & pricetext.Text & "','" & stocktext.Text & "',)"

It should be

qr = "Insert into tblProductInfo (ProName, ProDesc, ProPrice, ProStock) Values('" & nametext.Text & "','" & descriptiontext.Text & "','" & pricetext.Text & "','" & stocktext.Text & "')"

Picture the SQL query like this:

Insert into tblProductInfo (ProName, ProDesc, ProPrice, ProStock) Values('[name]','[description]','[price]','[stock]',)

Insert into tblProductInfo (ProName, ProDesc, ProPrice, ProStock) Values('[name]','[description]','[price]','[stock]')

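Edit: Also, I have to agree with my colleagues: use parameterized queries or stored procedures, as this prevents SQL injection. Also, make sure you validate the input before pushing it to the db; pushing text into an int field will fail.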
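
The parameterized query and input validation recommended in the answer, applied to the question's insert. This is an added example, not code from the question or the answer. The module and function names and the column types and sizes are assumptions; the table, columns and connection string are the ones shown on the page.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module ProductInsert
    ' Connection string as given in the question.
    Private Const ConnStr As String =
        "Data Source=JOYALXDESKTOP\SQLEXPRESS;Initial Catalog=SaleInventory;Integrated Security=True"

    ' Validates the text-box values, then inserts one row.
    ' Returns the number of rows affected; throws ArgumentException on bad input.
    Public Function InsertProduct(name As String, description As String,
                                  priceText As String, stockText As String) As Integer
        Dim price As Decimal
        Dim stock As Integer
        If String.IsNullOrWhiteSpace(name) Then
            Throw New ArgumentException("Name is required.", NameOf(name))
        End If
        ' TryParse uses the current culture; text in a numeric field is rejected here
        ' instead of failing inside SQL Server.
        If Not Decimal.TryParse(priceText, price) OrElse price < 0D Then
            Throw New ArgumentException("Price must be a non-negative number.", NameOf(priceText))
        End If
        If Not Integer.TryParse(stockText, stock) OrElse stock < 0 Then
            Throw New ArgumentException("Stock must be a non-negative integer.", NameOf(stockText))
        End If

        ' The SQL text is constant: user input travels only as typed parameter values,
        ' so a quote or comma in a text box cannot change the statement.
        Const sql As String =
            "INSERT INTO tblProductInfo (ProName, ProDesc, ProPrice, ProStock) " &
            "VALUES (@name, @desc, @price, @stock)"

        Using con As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(sql, con)
                ' Assumed column types: NVARCHAR(100), NVARCHAR(400), DECIMAL(18,2), INT.
                cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name
                cmd.Parameters.Add("@desc", SqlDbType.NVarChar, 400).Value = If(description, "")
                Dim priceParam As SqlParameter = cmd.Parameters.Add("@price", SqlDbType.Decimal)
                priceParam.Precision = 18
                priceParam.Scale = 2
                priceParam.Value = price
                cmd.Parameters.Add("@stock", SqlDbType.Int).Value = stock
                con.Open()
                Return cmd.ExecuteNonQuery()
            End Using ' command disposed
        End Using ' connection closed even if ExecuteNonQuery throws
    End Function
End Module
```

In the Add button handler, this would be called as `InsertProduct(nametext.Text, descriptiontext.Text, pricetext.Text, stocktext.Text)`, with `ArgumentException` and `SqlException` caught to show the failure message.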